LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2025-13476

CVE-2025-13476 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 6, 2026

Rakuten Viber - Weak Cryptography

Published: March 5, 2026Updated: March 6, 2026Remote Exploitable

Overview

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0ā€“v25.8.1.0 contains weak cryptography caused by static and predictable TLS ClientHello fingerprint lacking extension diversity, letting DPI systems identify and block proxy traffic, exploit requires network traffic interception.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 3.1%(Probability of exploitation in next 30 days)

Impact

DPI systems can identify and block proxy traffic, undermining censorship circumvention and user privacy.

Mitigation

Update to the latest version with improved TLS fingerprint diversity.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 8, 2026

šŸ”“ CVE-2025-13476 - Critical (9.8) Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0ā€“v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block p... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2025-13476/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2025-13476
Severity
Critical
CVSS Score
9.8
Type
weak_cryptography
Status
unconfirmed
EPSS
3.1%
Social Posts
1

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

3.1%Probability of exploitation in the next 30 days