CVE-2025-44017 MEDIUM

CVE-2025-44017

Vendor Gunosy Inc.
Product "Gunosy" App for Android
Weakness CWE-201
Published September 2, 2025
Last update September 2, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).

Key dates

02Disclosure timeline

September 2, 2025 CVE published
September 2, 2025 Record updated