
Description

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)

PUBLISHED Reserved 2025-11-20 | Published 2026-03-05 | Updated 2026-03-06 | Assigner certcc

Problem types

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

CWE-693

Product status

25.7.2.0g (custom) before 27.2.0.0g: affected

v25.6.0.0 (custom) before v27.3.0.0: affected

References

www.kb.cert.org/vuls/id/772695

www.viber.com/en/download/

cve.org (CVE-2025-13476)

nvd.nist.gov (CVE-2025-13476)
