Improper Certificate Validation in デジラアプリ App for iOS
CVE-2025-60022

2.3LOW

Key Information:

Vendor: Kddi Corporation
Status: 'デジラアプリ' App For iOS
Vendor: CVE Published:; 17 November 2025

🔔 Create Kddi Corporation Vulnerability Alert

What is CVE-2025-60022?

An improper certificate validation vulnerability exists in the デジラアプリ for iOS prior to version 80.10.00. This vulnerability can be exploited in a man-in-the-middle attack scenario, whereby an attacker may intercept and modify encrypted communications between users and the application. Users of the affected version are advised to update their applications to prevent potential eavesdropping and data tampering.

Affected Version(s)

'デジラアプリ' App for iOS prior to ver.80.10.00

References

https://jvn.jp/en/jp/JVN54005037/

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Oct 29, 2025

JSON