CVE-2025-2909

MEDIUM

DuoxMe <3.3.1 - Info Disclosure

Title source: llm

Description

The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.

Scores

CVSS v4 6.9
EPSS 0.0003
EPSS Percentile 10.2%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-312
Status published
Products (1)
Fermax/DuoxMe iOS application < 3.3.1
Published Mar 28, 2025
Tracked Since Feb 18, 2026