CVE ID: CVE-2025-61113
Vulnerability type: Incorrect Access Control
Product: TalkTalk (Android App)
Package Name: com.mole.talktalk
Version: 3.3.6
Vendor: MOLE HK LIMITED
<aside> 💡
NOTE: We reported this issue via email on 2025-09-05. After more than 45 days without any response or remediation from the vendor, we are publishing this report on 2025-10-20 out of concern for transparency and user security. We remain open to cooperating with the vendor should they choose to respond in the future.
</aside>
Issue 1: Unauthorized disclosure of user details via getUserInfoById

The app fetches profile data with GET /api/user/snackUser/getUserInfoById?visitUserId=xxx&reffer=other. When viewing another user's profile, however, the app sets the reffer parameter to me. Comparing the two responses shows that with reffer=other the server returns additional fields, such as device_id and birthday, that are not returned with reffer=me. The server trusts the client-supplied reffer value instead of checking whether the caller is the user named by visitUserId, so an attacker who sets visitUserId to an arbitrary user ID and reffer=other obtains these details for any user.
Issue 2: Room join password disclosure via lastJoinedRoomInfo

The endpoint api.molelive.com/api/content/room/lastJoinedRoomInfo?personId=xxx returns the most recent room (a group within the app) that the given user joined. The personId parameter is not bound to the authenticated session, so by changing personId an attacker can retrieve the last-joined room of any other user. The response includes the room's join password, which allows the attacker to enter private rooms.
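As an added illustration (not code from the original report, the app, or the vendor), the following Python model shows both endpoints with the vulnerable handler beside a hardened one. The common defect is the same in both: authorization is decided from client-controlled parameters (reffer, personId) rather than from the authenticated session. The in-memory users and rooms are constructed sample data, and all function and field names are assumptions, not the app's real implementation.

```python
"""Constructed model of the two IDOR issues and their server-side fix.
Added example; not the vendor's code. All data below is made up."""
import hmac

# Constructed sample data (not real TalkTalk accounts or rooms).
USERS = {
    "1001": {"nickname": "alice", "avatar": "a.png",
             "birthday": "1990-01-01", "device_id": "dev-aaa"},
    "1002": {"nickname": "bob", "avatar": "b.png",
             "birthday": "1988-05-05", "device_id": "dev-bbb"},
}
ROOMS = {
    "r1": {"name": "Private chat", "join_password": "s3cret", "members": {"1001"}},
    "r2": {"name": "Lobby", "join_password": "", "members": {"1001", "1002"}},
}
LAST_JOINED = {"1001": "r1", "1002": "r2"}

PUBLIC_FIELDS = {"nickname", "avatar"}          # safe to show to anyone
PRIVATE_FIELDS = {"birthday", "device_id"}      # only for the account owner


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested object."""


def get_user_info_vulnerable(session_user, visit_user_id, reffer):
    """Mirrors the reported behaviour: the client-supplied `reffer` decides
    how much is returned, so any caller can pass reffer=other."""
    user = USERS[visit_user_id]
    if reffer == "other":
        return dict(user)                        # leaks birthday, device_id
    return {k: v for k, v in user.items() if k in PUBLIC_FIELDS}


def get_user_info_fixed(session_user, visit_user_id, reffer=None):
    """Hardened: `reffer` is ignored; the private fields are released only
    when the authenticated session owns the requested profile."""
    user = USERS[visit_user_id]
    if visit_user_id == session_user:
        return dict(user)
    return {k: v for k, v in user.items() if k in PUBLIC_FIELDS}


def last_joined_room_vulnerable(session_user, person_id):
    """Mirrors the reported behaviour: personId is trusted and the room's
    join password is included in the response."""
    room_id = LAST_JOINED[person_id]
    room = ROOMS[room_id]
    return {"roomId": room_id, "name": room["name"],
            "joinPassword": room["join_password"]}


def last_joined_room_fixed(session_user, person_id):
    """Hardened: personId must match the session, and the join password is
    never sent to the client; it is verified server-side in join_room()."""
    if person_id != session_user:
        raise Forbidden("personId does not match the authenticated user")
    room_id = LAST_JOINED[person_id]
    return {"roomId": room_id, "name": ROOMS[room_id]["name"]}


def join_room(session_user, room_id, password):
    """Server-side password check, so the secret stays on the server.
    Constant-time comparison avoids leaking the password through timing."""
    room = ROOMS[room_id]
    if not hmac.compare_digest(password.encode(), room["join_password"].encode()):
        return False
    room["members"].add(session_user)
    return True


def raises_forbidden(fn, *args):
    """Small helper so callers can check the hardened handler's refusal."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```

The fixed handlers illustrate the general rule for both findings: derive the identity used for authorization from the server-side session, treat visitUserId, reffer and personId purely as lookup keys, and never return a secret (the room join password) that the server can verify itself.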