CVE-2025-65820

CRITICAL

Meatmeet Android Mobile App <1.1.2.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your account, two of which have not been publicly released. As a result of this vulnerability, the attacker can gain insight into unreleased Meatmeet devices.

References (2)

Core 2

Core References

Third Party Advisory

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-information-disclosure-md

Third Party Advisory

https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Information-Disclosure.md

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0005

EPSS Percentile 16.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-200

Status published

Products (1)

meatmeet/meatmeet 1.1.2.0

Published Dec 10, 2025

Tracked Since Feb 18, 2026