Home / Vulnerability Intelligence / CVE-2025-13476

CVE-2025-13476 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 6, 2026

Rakuten Viber - Weak Cryptography

Published: March 5, 2026Updated: March 6, 2026Remote Exploitable

Overview

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 contains weak cryptography caused by static and predictable TLS ClientHello fingerprint lacking extension diversity, letting DPI systems identify and block proxy traffic, exploit requires network traffic interception.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

DPI systems can identify and block proxy traffic, undermining censorship circumvention and user privacy.

Mitigation

Update to the latest version with improved TLS fingerprint diversity.

References

https://www.viber.com/en/download/
https://www.kb.cert.org/vuls/id/772695

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-13476
Severity: Critical
CVSS Score: 9.8
Type: weak_cryptography
Status: unconfirmed

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H