Information Disclosure Vulnerability in DuoxMe Application for iOS Devices
CVE-2025-2909

6.9 MEDIUM

Key Information:

Vendor: Fermax
CVE Published: 28 March 2025

What is CVE-2025-2909?

The DuoxMe application for iOS devices, previously known as Blue, ships its application binary without encryption. This flaw lets attackers access the application code, which can expose sensitive user information. Versions prior to 3.3.1 are affected, so users should upgrade to the latest version to safeguard their data.

Affected Version(s)

DuoxMe iOS application 0 < 3.3.1

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fermax cybersecurity team.