High severityNVD Advisory· Published Jan 14, 2026· Updated Apr 15, 2026
CVE-2025-14317
CVE-2025-14317
Description
In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data.
This issue was fixed in version 915 (Android) and 7.4.1 (iOS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: < 915 (Android) / < 7.4.1 (iOS)
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.