PT-2025-44425 · Senza · Senza
Published: 2025-10-30 · Updated: 2025-10-30
CVE-2025-61117
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Senza version 2.10.15
Description
The Senza: Keto & Fasting Android App has an issue with how it controls access to user data. Insufficient checks in the app’s API endpoints allow attackers to get authentication tokens and take over accounts. This could lead to unauthorized access to accounts, privacy breaches, and misuse of the platform. The vulnerable API endpoints allow attackers to bypass intended access restrictions.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Senza