CVE-2025-3329

Consumer Comanda Mobile Restaurant Order cleartext transmission

CVSS 2.3 LOWEPSS 0.3%CWE-310 CWE-319

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 2.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

07 Apr 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Consumer · Comanda Mobile

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://medium.com/@davimouar/from-order-to-exploit-a-deep-dive-into-restaurant-network-security-64aeaf3a6f64 https://vuldb.com/?ctiid.303543 https://vuldb.com/?id.303543 https://vuldb.com/?submit.551790