CVE-2014-5625
Description
The Perfect Kick (aka com.gamegou.PerfectKick.google) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Perfect Kick for Android fails to validate SSL certificates, enabling man-in-the-middle attackers to intercept sensitive data.
Vulnerability
Perfect Kick (com.gamegou.PerfectKick.google) version 1.3.0 for Android does not verify X.509 certificates presented by HTTPS servers. This means the app accepts any certificate, including those from untrusted or malicious sources, without validating the chain of trust. The issue affects all installations of version 1.3.0.
Exploitation
An attacker on the same network as the victim (e.g., public Wi-Fi) can perform a man-in-the-middle attack by presenting a crafted certificate. No user interaction beyond normal app usage is required; the app will connect to the attacker's server as if it were legitimate.
Impact
Successful exploitation allows the attacker to decrypt, read, and modify HTTPS traffic between the app and its backend. Sensitive information transmitted by the app, such as login credentials or personal data, can be stolen. In some cases, arbitrary code execution may be possible depending on how the app processes network data [1].
Mitigation
The vendor has not released a patched version. Users should uninstall the application and avoid using it until an update is provided. As of the note's last revision (2016-11-08), no fix was available [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- cpe:2.3:a:gamegou:perfect_kick:1.3.0:*:*:*:*:android:*:*
- Range: 1.3.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.kb.cert.org/vuls/id/582497nvdThird Party AdvisoryUS Government Resource
- www.kb.cert.org/vuls/id/105449nvdUS Government Resource
- docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/editnvd
News mentions
0No linked articles in our index yet.