CVE-2025-14317
In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a loyaltyGuestId parameter. Server does not verify the permissions required to obtain the data.
This issue was fixed in version 915 (Android) and 7.4.1 (iOS).
No affected software listed.
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime