CVE-2025-2909

MEDIUM

Fermax DuoxMe iOS application < 3.3.1 - Cleartext Storage of Sensitive Information

Title source: llm

Description

The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fermax-mobile-applications

Scores

CVSS v4 6.9

EPSS 0.0006

EPSS Percentile 0.0%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (1)

Fermax/DuoxMe iOS application < 3.3.1

Published Mar 28, 2025

Tracked Since Feb 18, 2026