216.73.217.24

CVE-2025-61117

· Published 30/10/2025 16:15 · Modified 30/10/2025 21:15

Labels: CVE-2025-61117 2025-10-30CVE-2025-61117CWE-284[email protected]

Essential information

Published
30/10/2025 16:15
Modified
30/10/2025 21:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

Senza: Keto & Fasting Android App version 2.10.15 (package name com.gl.senza), developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful exploitation could result in unauthorized account access, privacy breaches, and misuse of the platform.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
paul itoi / senza cpe:2.3:a:paul_itoi:senza:2.10.15:*:*:*:*:android:*:*

References