← back
CVE-2025-41458

Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS

CVSS 5.5 MEDIUMEPSS 0.1%CWE-312
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Two App Studio · Journey

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cirosec.de/sa/sa-2025-005