CVE-2025-44017

Summary

"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).

Affected Software

VendorProductVersion RangeStatus
Gunosy Inc.“Gunosy” App for Androidversions prior to 7.34.0affected
Gunosy Inc.“Gunosy” App for iOSversions prior to 7.34.0affected

Weaknesses

  • CWE-201: Insertion of sensitive information into sent data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References