VYPR
High severityNVD Advisory· Published Jan 14, 2026· Updated Apr 15, 2026

CVE-2025-14317

CVE-2025-14317

Description

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data.

This issue was fixed in version 915 (Android) and 7.4.1 (iOS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.