CVE-2025-45001

HIGH

Numan React-native-keys - Cleartext Storage

Title source: rule

Description

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

References (2)

[Exploit, Mitigation, Third Party Advisory] https://gist.github.com/ch3tanbug/44aedff79dd5d2d6beadbffcd01e0de5

[Third Party Advisory] https://github.com/ch3tanbug/vulnerability-research/tree/main/CVE-2025-45001

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 28.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (2)

npm/react-native-keys 0npm

numan/react-native-keys 0.7.11

Published Jun 09, 2025

Tracked Since Feb 18, 2026