CVE-2025-61119

HIGH

Kanova Android App 1.0.27 - Info Disclosure

Title source: llm

Description

Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful exploitation could result in privacy breaches, unauthorized group access, and misuse of the platform.

References (1)

Core 1

Core References

Various Sources

https://kar1oz.notion.site/Kanova-2629a473ecb2801bac89ce99d0b30df7

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 15.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Published Oct 30, 2025

Tracked Since Feb 18, 2026