CVE-2025-13476
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rakuten Viber | Rakuten Viber Cloak - Android | 25.7.2.0g < 27.2.0.0g | affected |
| Rakuten Viber | Rakuten Viber Cloak - Windows | v25.6.0.0 < v27.3.0.0 | affected |
Weaknesses
- CWE-327 Use of a Broken or Risky Cryptographic Algorithm
- CWE-693
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.