CVE-2025-13476

CVSS v3.1

9.8

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rakuten Viber versions 25.6.0.0 through 25.8.1.0

Description Rakuten Viber’s Cloak mode on Android version 25.7.2.0g and Windows versions 25.6.0.0 through 25.8.1.0 employs a consistent TLS ClientHello fingerprint that lacks extension diversity. This predictable fingerprint allows Deep Packet Inspection (DPI) systems to easily recognize and block proxy traffic, potentially hindering censorship circumvention efforts. The issue relates to a weakness in cryptographic implementation (CWE-327).

Recommendations Update Rakuten Viber on Windows to a version later than 25.8.1.0. Update Rakuten Viber on Android to a version later than 25.7.2.0g.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2025-13476

Affected Products

Rakuten Viber

Rakuten Viber For Android

Rakuten Viber For Windows

CVE-2025-13476

Weakness Enumeration

Related Identifiers

Affected Products

References · 11