Insufficient Authentication Protection in Two App Studio Journey on iOS
CVE-2025-41459
7.8 HIGH
What is CVE-2025-41459?
The Two App Studio Journey application version 5.5.6 for iOS has a weakness in its local authentication system that allows local attackers to bypass the biometric and PIN-based protection. Attackers can brute-force the user PIN through repeated guessing attempts. The vulnerability also permits runtime manipulation, such as dynamic code injection. Because the application lacks sufficient safeguards against these techniques, an attacker can gain unauthorized access to sensitive information.
Affected Version(s)
Journey iOS 0 < 5.5.9
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hannes Allmann (cirosec GmbH)