PT-2025-11450 · Blackvue · Blackvue App

Published: 2025-03-17 · Updated: 2025-03-17 · CVE-2025-2356

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BlackVue App version 3.65

Description

A vulnerability was found in the BlackVue App, affecting the function deviceDelete of the component API Handler. The manipulation leads to the use of the GET request method with sensitive query strings. It is possible to initiate the attack remotely. The complexity of an attack is rather high, and exploitation is said to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations

For BlackVue App version 3.65, as a temporary workaround, consider disabling the deviceDelete function of the API Handler until a patch is available. Restrict access to sensitive query strings in the API Handler to minimize the risk of exploitation. Avoid using the GET request method with sensitive query strings in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Related Identifiers

CVE-2025-2356

Affected Products

Blackvue App