exploitDog

CVE-2025-45001

Опубликовано: 09 июн. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

Ссылки

https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5
Exploit
Mitigation
Third Party Advisory
https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001
Third Party Advisory
https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:numan:react-native-keys:0.7.11:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00024

Низкий

7.5 High

CVSS3

Дефекты

CWE-312

Связанные уязвимости

GHSA-fj44-h6xw-896g

CVSS3: 7.5

github

8 месяцев назад

react-native-keys insecurely stores encryption cipher and Base64 chunks

EPSS

Процентиль: 6%

0.00024

Низкий

7.5 High

CVSS3

Дефекты

CWE-312