Soroush IM Desktop App
- <= 0.17.0
An authentication bypass vulnerability has been identified in Soroush IM Desktop App version 0.17.0. It allows local attackers to remove passcodes by injecting database entries pre-encrypted with a constant encryption key. Injecting these records into the application's database files unlocks the client and grants access to all stored data, including chats, images, and files, without knowledge of the original passcode.
Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to the application's data and features.
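The design flaw described above, as an added toy model in JavaScript (Node.js); it is not Soroush's code or database format. `CONSTANT_KEY`, the record layout and every function name are assumptions made for illustration. It contrasts a lock record sealed under a constant key with one sealed under a key derived from the passcode.

```javascript
// Added illustration: a toy model, not Soroush's code or database format.
const crypto = require("crypto");

// Constructed stand-in for an encryption key that is identical in every install.
const CONSTANT_KEY = Buffer.alloc(32, 0x41);

// Seal a settings record with AES-256-GCM under `key`.
function sealRecord(key, record) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(record), "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Open a sealed record; returns null when the tag does not verify under `key`.
function openRecord(key, { iv, ct, tag }) {
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
    d.setAuthTag(tag);
    return JSON.parse(Buffer.concat([d.update(ct), d.final()]).toString("utf8"));
  } catch {
    return null;
  }
}

// Weak design: the lock state is whatever decrypts under the shared constant,
// so any record sealed with that constant is trusted.
function weakIsLocked(row) {
  const rec = openRecord(CONSTANT_KEY, row);
  return rec === null || rec.passcodeEnabled !== false;
}

// Hardened design: the key is derived from the passcode and a per-install salt,
// so a record can only be produced or opened by someone who knows the passcode.
const deriveKey = (passcode, salt) => crypto.scryptSync(passcode, salt, 32);
const hardenedUnlock = (passcode, salt, row) => openRecord(deriveKey(passcode, salt), row) !== null;

// Constructed sample rows: one written outside the app, one written by the owner.
function demo() {
  const replaced = sealRecord(CONSTANT_KEY, { passcodeEnabled: false });
  const salt = crypto.randomBytes(16);
  const genuine = sealRecord(deriveKey("correct horse", salt), { passcodeEnabled: true });
  return {
    weakAcceptsReplacedRow: weakIsLocked(replaced) === false,
    hardenedRejectsReplacedRow: !hardenedUnlock("guess", salt, replaced),
    hardenedAcceptsOwner: hardenedUnlock("correct horse", salt, genuine),
    hardenedRejectsWrongPasscode: !hardenedUnlock("wrong", salt, genuine),
  };
}
```

For the hardened form to hold, the stored chats and files must themselves be encrypted under the derived key (or a key wrapped by it), so that replacing the salt and lock record yields no readable data.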