CVE-2025-45001

HIGH

react-native-keys 0.7.11 - Cleartext Storage of Sensitive Information in Compiled Native Binary

Title source: llm

Description

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

References (2)

Core 2

Core References

Exploit, Mitigation, Third Party Advisory

https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5

Third Party Advisory

https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0017

EPSS Percentile 6.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (2)

npm/react-native-keys 0npm

numan/react-native-keys 0.7.11

Published Jun 09, 2025

Tracked Since Feb 18, 2026