CVE-2025-65827

Name of the Vulnerable Software and Affected Versions Mobile application (affected versions not specified)

Description The mobile application allows clear text traffic to all domains and communicates with an API server over HTTP. This allows an attacker positioned upstream to intercept and modify traffic, potentially compromising a user's account if active authentication tokens are intercepted or the MD5 hash sent during login is cracked. The API server is vulnerable to interception attacks due to the use of HTTP. The vulnerable parameters include authentication tokens and the MD5 hash used during login.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.