{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-45001", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-06-09T19:47:56.235Z", "dateReserved": "2025-04-22T00:00:00.000Z", "datePublished": "2025-06-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-09T17:02:09.473Z"}, "descriptions": [{"lang": "en", "value": "react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5"}, {"url": "https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "references": [{"url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T19:41:05.049116Z", "id": "CVE-2025-45001", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T19:47:56.235Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-45001", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-09T19:41:05.049116Z"}}}], "references": [{"url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T19:26:06.524Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5"}, {"url": "https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001"}], "descriptions": [{"lang": "en", "value": "react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-09T17:02:09.473Z"}}}, "cveMetadata": {"cveId": "CVE-2025-45001", "state": "PUBLISHED", "dateUpdated": "2025-06-09T19:47:56.235Z", "dateReserved": "2025-04-22T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-06-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:numan:react-native-keys:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "C28ED9CD-FA1A-4DB8-9877-CF717ACEC6D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools."}, {"lang": "es", "value": "React-native-keys 0.7.11 es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial (remota), ya que el cifrado y los fragmentos Base64 se almacenan como texto plano en el binario nativo compilado. Los atacantes pueden extraer estos secretos mediante herramientas b\u00e1sicas de an\u00e1lisis est\u00e1tico."}], "id": "CVE-2025-45001", "lastModified": "2025-06-23T14:18:43.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-09T17:15:29.157", "references": [{"source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}