CVE-2025-11598 LOW

CVE-2025-11598: Exposure of Confidential Information in mObywatel application

Vendor Centralny Ośrodek Informatyki
Product mObywatel
Weakness CWE-359
Published February 3, 2026
Last update February 3, 2026

CVSS base score

1.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized This issue was fixed in version 4.71.0

Key dates

02Disclosure timeline

February 3, 2026 CVE published
February 3, 2026 Record updated