Viber
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13476 | 0.00 | — | 0.00 | Mar 5, 2026 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327) | |||
| CVE-2025-55996 | 0.00 | — | 0.00 | Sep 12, 2025 | Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface |
- CVE-2025-13476Mar 5, 2026risk 0.00cvss —epss 0.00
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)
- CVE-2025-55996Sep 12, 2025risk 0.00cvss —epss 0.00
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface