On this page you will find all the information about the vulnerabilities we have analysed and fixed in relation to our connected products and services.
Please contact us using the button below if you find a vulnerability that is not listed in the tables below. For more information about our vulnerability management policy, please visit this page.
On this page you will find all the information about the vulnerabilities we have analysed and fixed in relation to our connected products and services.
Please contact us using the button below if you find a vulnerability that is not...
On this page you will find all the information about the vulnerabilities we have analysed and fixed in relation to our connected products and services.
Please contact us using the button below if you find a vulnerability that is not listed in the tables below. For more information about our vulnerability management policy, please visit this page.
| Name | CVE | CVSS 4.0 | Affected version | Description |
|---|---|---|---|---|
| Insecure Sensitive Information Storage vulnerability. | CVE-2025-10971 | 8.8 | < v2.2.6 | Insecure storage of sensitive information in the MeetMe application for iOS and Android, in versions prior to v2.2.6, allows an attacker to retrieve sensitive data embedded in the application. |
| Improper Restriction of Excessive Authentication Attempts vulnerability. | CVE-2025-2911 | 5.3 | < v2024-09 | Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions. |
| User enumeration vulnerability. | CVE-2025-2910 | 6.9 | < v2024-09 | User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific error messages. |
| Insufficiently Protected Credentials vulnerability. | CVE-2025-2908 | 8.5 | < v2024-09 | The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files. |
| Name | CVE | CVSS 4.0 | Affected version | Description |
|---|---|---|---|---|
| Lack of encryption vulnerability in DuoxMe | CVE-2025-2909 | 6.9 | < 3.3.1 | The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information. |
