PT-2026-2853 · Unknown · Crazy Bubble Tea
Published: 2026-01-14 · Updated: 2026-01-14 · CVE-2025-14317
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Crazy Bubble Tea versions prior to 915 (Android)
Crazy Bubble Tea versions prior to 7.4.1 (iOS)
Description
An authenticated attacker can obtain personal information about other users in the Crazy Bubble Tea mobile application. The server does not verify permissions required to access data through the `loyaltyGuestId` parameter, leading to improper access control.
Recommendations
Update to Crazy Bubble Tea version 915 (Android) or later.
Update to Crazy Bubble Tea version 7.4.1 (iOS) or later.
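The missing server-side check from the description, shown as an added illustration next to an object-level authorization check (this is not the vendor's code). The handler names, session table, profile store and audit list are all hypothetical and the sample data is constructed; only the `loyaltyGuestId` parameter comes from the advisory.

```python
# Added illustration; every name here is hypothetical, not the vendor's code.
from collections import defaultdict

# Constructed sample data: loyalty profiles keyed by loyaltyGuestId.
PROFILES = {
    "guest-1001": {"name": "Alice Example", "phone": "+00 000 0001"},
    "guest-1002": {"name": "Bob Example", "phone": "+00 000 0002"},
}
# Constructed session table: bearer token -> loyaltyGuestId owned by that login.
SESSIONS = {"token-alice": "guest-1001", "token-bob": "guest-1002"}
AUDIT = []  # (owner_id, requested_id) for every denied cross-account read


def get_profile_vulnerable(token, loyalty_guest_id):
    """Authenticates the caller but trusts the client-supplied identifier."""
    if token not in SESSIONS:
        return 401, {"error": "unauthenticated"}
    profile = PROFILES.get(loyalty_guest_id)
    if profile is None:
        return 404, {"error": "not found"}
    return 200, profile  # any logged-in user can read any profile


def get_profile_hardened(token, loyalty_guest_id):
    """Authorizes per object: the id must belong to the authenticated session."""
    owner_id = SESSIONS.get(token)
    if owner_id is None:
        return 401, {"error": "unauthenticated"}
    if loyalty_guest_id != owner_id:
        AUDIT.append((owner_id, loyalty_guest_id))
        # Same 404 as for an unknown id, so the endpoint does not
        # confirm which identifiers exist.
        return 404, {"error": "not found"}
    profile = PROFILES.get(owner_id)
    if profile is None:
        return 404, {"error": "not found"}
    return 200, profile


def accounts_probing(audit, threshold=2):
    """Return owner ids denied on at least `threshold` distinct foreign ids."""
    seen = defaultdict(set)
    for owner_id, requested_id in audit:
        seen[owner_id].add(requested_id)
    return sorted(o for o, ids in seen.items() if len(ids) >= threshold)
```

The audit list stands in for whatever logging the real backend has; the point is that denied cross-account reads are recorded per authenticated account so repeated probing of other identifiers is visible.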
Affected Products
Crazy Bubble Tea