Unencrypted Database Storage Vulnerability in Two App Studio Journey for iOS
CVE-2025-41458

5.5MEDIUM

Key Information:

Vendor: Two App Studio
Status: Journey
Vendor: CVE Published:; 21 July 2025

🔔 Create Two App Studio Vulnerability Alert

What is CVE-2025-41458?

The Two App Studio Journey application version 5.5.9 for iOS has a significant vulnerability related to unencrypted storage in its database. This security flaw allows local attackers to gain unauthorized access to sensitive data by directly accessing the app's filesystem, potentially compromising user information stored without adequate encryption. It highlights the need for improved security measures in mobile application data management to prevent unauthorized data exposure.

Affected Version(s)

Journey iOS 0 <= 5.5.9

References

https://www.cirosec.de/sa/sa-2025-005

third-party-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Hannes Allmann (cirosec GmbH) <[email protected]>