CVE-2025-2355

Name of the Vulnerable Software and Affected Versions BlackVue App version 3.65

Description A vulnerability was found in the BlackVue App, affecting some unknown functionality of the component API Endpoint Handler. The manipulation of the BCS TOKEN/SECRET KEY argument leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations As a temporary workaround, consider restricting access to the API Endpoint Handler until a patch is available. Avoid using the BCS TOKEN/SECRET KEY argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.