Vulnerability in Emaintenance Crazy Bubble Tea

CVE-2025-14317

In Crazy Bubble Tea mobile application authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. Server does not verify the permissions required to obtain the data. This issue w…

EPSS: 0.002 (16.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References