CVE-2025-45001

{"id": "CVE-2025-45001", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-09T17:15:29.157", "references": [{"url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5", "source": "cve@mitre.org"}, {"url": "https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001", "source": "cve@mitre.org"}, {"url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools."}, {"lang": "es", "value": "React-native-keys 0.7.11 es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial (remota), ya que el cifrado y los fragmentos Base64 se almacenan como texto plano en el binario nativo compilado. Los atacantes pueden extraer estos secretos mediante herramientas b\u00e1sicas de an\u00e1lisis est\u00e1tico."}], "lastModified": "2025-06-12T16:06:47.857", "sourceIdentifier": "cve@mitre.org"}