Rakuten Viber
Products
2- 6 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13476 | 0.00 | — | 0.00 | Mar 5, 2026 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining… | |||
| CVE-2025-55996 | 0.00 | — | 0.00 | Sep 12, 2025 | Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface | |||
| CVE-2020-14049 | 0.00 | — | 0.02 | Jun 22, 2020 | Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password… | |||
| CVE-2018-3987 | 0.00 | — | 0.00 | Feb 12, 2020 | An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug… | |||
| CVE-2019-18800 | 0.00 | — | 0.01 | Nov 6, 2019 | Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the… | |||
| CVE-2019-12569 | 0.00 | — | 0.15 | Jun 3, 2019 | A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a… |
- CVE-2025-13476Mar 5, 2026risk 0.00cvss —epss 0.00
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining…
- CVE-2025-55996Sep 12, 2025risk 0.00cvss —epss 0.00
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface
- CVE-2020-14049Jun 22, 2020risk 0.00cvss —epss 0.02
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password…
- CVE-2018-3987Feb 12, 2020risk 0.00cvss —epss 0.00
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug…
- CVE-2019-18800Nov 6, 2019risk 0.00cvss —epss 0.01
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the…
- CVE-2019-12569Jun 3, 2019risk 0.00cvss —epss 0.15
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a…