CVE-2025-13476

Name of the Vulnerable Software and Affected Versions Rakuten Viber versions 25.6.0.0 through 25.8.1.0

Description Rakuten Viber’s Cloak mode on Android version 25.7.2.0g and Windows versions 25.6.0.0 through 25.8.1.0 employs a consistent TLS ClientHello fingerprint that lacks extension diversity. This predictable fingerprint allows Deep Packet Inspection (DPI) systems to easily recognize and block proxy traffic, potentially hindering censorship circumvention efforts. The issue relates to a weakness in cryptographic implementation (CWE-327).

Recommendations Update Rakuten Viber on Windows to a version later than 25.8.1.0. Update Rakuten Viber on Android to a version later than 25.7.2.0g.