CVE-2025-45001

Exploit

EPSS 0.04%
Veröffentlicht 09.06.2025 00:00:00
Zuletzt bearbeitet 23.06.2025 14:18:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Numan ≫ React-native-keys Version0.7.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.123

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5

Third Party Advisory

Exploit

Mitigation

https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-45001

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-45001

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-45001

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-45001