|
[Japanese]
|
JVNDB-2025-000108
|
"FOD" App uses hard-coded cryptographic keys
|
|
"FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys- Use of hard-coded cryptographic key (CWE-321) - CVE-2025-64304
- The keys are used in the processing of JWT data.
|
|
CVSS V3 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
|
|
|
Fuji Television Network, Inc.
- FOD app for Android versions prior to 5.2.0
- FOD app for IOS versions prior to 5.2.0
|
|
|
The cryptographic keys may be retrieved.
The developer considers that the impact is extremely limited.
For example, account impersonation on their service is difficult under the common situation.
|
|
[Update the Software]
Update the application to the latest version according to the information provided by the developer.
The developer has released the following versions that do not contain any cryptographic keys.- "FOD" App for Android version 5.2.0
- "FOD" App for iOS version 5.2.0
The developer states that the affected versions require the users to update immediately when invoked.
The hard-coded keys in the affected versions were invalidated by the developer in November 17, 2025. Communications and processing using these keys are already impossible.
|
|
Fuji Television Network, Inc.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2025-64304
|
|
- JVN : JVN#63368617
|
|
- [2025/11/25]
Web page was published
|
