CRITICAL🇵🇱 Wersja polska

CVE-2025-13476

CVSS 9.8v3.1pub. 2026-03-05upd. 2026-03-10

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)

🤖 AI Analysis
How it works

When establishing a TLS connection, the client sends a ClientHello message containing, among other things, a list of supported ciphers and extensions. In Cloak mode, Viber always uses the same static arrangement of these parameters, creating a unique and recognizable fingerprint (known as JA3 or similar). DPI systems can compare this fingerprint with the application signature and identify the traffic as coming from Viber Cloak mode regardless of the IP address or domain used. As a result, network operators or censors can automatically block such traffic, completely neutralizing the censorship bypass function.

Impact

An attacker or network operator using DPI can reliably identify and block proxy traffic generated by the Cloak mode feature, depriving users of the ability to bypass censorship. In environments with restrictive network controls, this exposes users to disclosure of their use of anti-censorship tools.

Mitigation & patch

Apply patches available from the vendor according to the references. The current version of the application is available at https://www.viber.com/en/download/. It is recommended to update as soon as possible to a version containing a fix implementing diversified TLS ClientHello extensions.

Who is affected

Rakuten Viber for Android version 25.7.2.0g and Rakuten Viber for Windows versions 25.6.0.0 through 25.8.1.0 (Cloak mode).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Rakuten Viber

    APP
    Rakuten
    9.3.0.625.6.0 – 25.8.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-14049HIGH7.5ten sam produkt

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could la...

CVE-2019-18800HIGH8.8ten sam produkt

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Vib...

CVE-2019-12569HIGH7.8ten sam produkt

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary comm...

CVE-2025-55996MEDIUM6.3ten sam produkt

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward int...

CVE-2018-3987MEDIUM5.5ten sam produkt

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Vibe...