Insufficient Authentication Protection in Two App Studio Journey on iOS
CVE-2025-41459

7.8HIGH

Key Information:

Vendor: Two App Studio
Status: Journey
Vendor: CVE Published:; 21 July 2025

🔔 Create Two App Studio Vulnerability Alert

What is CVE-2025-41459?

The Two App Studio Journey application version 5.5.6 for iOS exhibits a weakness in its local authentication system. This vulnerability allows local attackers to bypass biometric and PIN-based security measures. By utilizing brute-force techniques, attackers can make repeated attempts to guess the user PIN. Additionally, the vulnerability permits runtime manipulations, such as dynamic code injections, further compromising security. The lack of sufficient safeguards poses significant risks, enabling unauthorized access to sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Journey iOS 0 <= 5.5.9

References

https://www.cirosec.de/sa/sa-2025-006

third-party-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Hannes Allmann (cirosec GmbH) <hannes.allmann@cirosec.de>

JSON

Two App Studio

What is CVE-2025-41459?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.