Cyber Resilience

CVE-2025-65826

Critical

Published: 10 December 2025

Published
10 December 2025
Modified
30 December 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 14.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65826 is a critical-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Meatmeet Meatmeet. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of…

more

the vendor. Additionally, if an attacker were located in close physical proximity to the device when it was first set up, they may be able to force the device to auto-connect to an attacker-controlled access point by setting the SSID and password to the same as which was found in the firmware file.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1110.002 Password Cracking Credential Access
Adversaries may use password cracking to attempt to recover usable credentials, such as plaintext passwords, when credential material such as password hashes are obtained.
T1529 System Shutdown/Reboot Impact
Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
T1531 Account Access Removal Impact
Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
T1557.004 Evil Twin Credential Access
Adversaries may host seemingly genuine Wi-Fi access points to deceive users into connecting to malicious networks as a way of supporting follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Hardcoded/stored Wi-Fi credentials in app/firmware enable T1552.001 and T1078.001; cleartext HTTP traffic enables T1040 (sniffing), T1557 (MiTM), T1110.002 (crack login hash); BLE unauthenticated commands enable T1529 (shutdown/reboot) and T1531 (clear config removes device account access); extracted creds enable T1557.004 (evil twin AP).

Affected Assets

meatmeet
meatmeet
1.1.2.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-312

Training on secure data handling discourages cleartext storage of sensitive information.

addresses: CWE-312

Data action mapping can detect storage actions that leave sensitive information in cleartext.

addresses: CWE-312

Configuration policies can mandate secure storage methods to avoid cleartext storage of sensitive information.

addresses: CWE-312

Policy requires protection measures such as encryption for sensitive data stored on media, preventing cleartext exposure.

addresses: CWE-312

Key-management policy requires protected storage of key material, preventing cleartext storage of sensitive cryptographic keys.

addresses: CWE-312

Requiring confidentiality protection for information at rest eliminates cleartext storage of sensitive data on persistent media.

addresses: CWE-312

Reduces cleartext storage of sensitive data when OPSEC identifies and mandates protection of key information artifacts.

References