CVE-2025-65832

Dec. 12, 2025, 3:18 p.m.

4.6
Medium

Description

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. As a result, an attacker with physical access to the device of a victim can retrieve this information and gain unauthorized access to their home Wi-Fi network and Meatmeet account.

Product(s) Impacted

Product Versions
mobile_application
  • *
meatmeet
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-316
Cleartext Storage of Sensitive Information in Memory
The product stores sensitive information in cleartext in memory.

References

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-sensitive-information-stored-in-memory-md
https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Sensitive%20Information-Stored-in-Memory.md

Tags

cve@mitre.org
CWE-316
2025-12-10
CVE-2025-65832

CVSS Score

4.6 / 10

CVSS Data - 3.1

  • Attack Vector: PHYSICAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    View Vector String

Timeline

Published: Dec. 10, 2025, 9:16 p.m.
Last Modified: Dec. 12, 2025, 3:18 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.