Crazy Bubble Tea Mobile Application Personal Information Exposure Vulnerability

Vulnerability

A vulnerability exists in the Crazy Bubble Tea mobile application, allowing authenticated attackers to access personal information of other users by manipulating the 'loyaltyGuestId' parameter. The server fails to properly validate permissions before disclosing this data. This issue affects all versions prior to 915 on Android and 7.4.1 on iOS.
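The missing server-side check described above, sketched as an added example that is not the vendor's code. The function names, session model and sample records are assumptions; only the 'loyaltyGuestId' parameter name comes from the advisory.

```python
from dataclasses import dataclass

# Constructed sample data: guest ids, names and e-mails are invented.
GUESTS = {
    "G-1001": {"name": "Alice Example", "email": "alice@example.test", "points": 120},
    "G-1002": {"name": "Bob Example", "email": "bob@example.test", "points": 45},
}

@dataclass(frozen=True)
class Session:
    """Authenticated session; guest_id is bound server-side at login (assumed model)."""
    user: str
    guest_id: str

def get_profile_unchecked(session, loyalty_guest_id):
    """Flawed pattern: authentication only, so any caller can read any record."""
    record = GUESTS.get(loyalty_guest_id)
    if record is None:
        return 404, {"error": "not found"}
    return 200, record

def get_profile_checked(session, loyalty_guest_id, audit_log):
    """Hardened pattern: the client-supplied id must equal the session's own id."""
    # Authorize before the lookup so the response does not reveal which ids exist.
    if loyalty_guest_id != session.guest_id:
        # Record the mismatch so repeated probing of other ids is visible to monitoring.
        audit_log.append({"event": "guest_id_mismatch",
                          "user": session.user,
                          "requested": loyalty_guest_id})
        return 403, {"error": "forbidden"}
    record = GUESTS.get(loyalty_guest_id)
    if record is None:
        return 404, {"error": "not found"}
    return 200, record

if __name__ == "__main__":
    alice, log = Session("alice", "G-1001"), []
    print(get_profile_unchecked(alice, "G-1002"))     # another user's record is disclosed
    print(get_profile_checked(alice, "G-1002", log))  # rejected and logged
    print(get_profile_checked(alice, "G-1001", log))  # own record is returned
    print(log)
```
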

Impact

Exploitation of this vulnerability could lead to unauthorized access to personal information of users within the application.

Remediation

Users can update to version 915 on Android or 7.4.1 on iOS to address this vulnerability.

Added: Jan 14, 2026, 2:19 PM
Updated: Jan 14, 2026, 5:15 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.