Vulnerability in Emaintenance Crazy Bubble Tea
CVE-2025-14317
In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. Server does not verify the permissions required to obtain the data. This issue w…
EPSS: 0.002 (16.1th percentile) — read the EPSS interpretation.
Affected products
- Emaintenance Crazy Bubble Tea — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (product)
- cvd@cert.pl (third-party-advisory)