Sogexia Android App Hardcoded Encryption Keys Vulnerability
Vulnerability
The Sogexia Android application, in versions compiled with SDK 35 and prior to 36, contains hardcoded encryption keys embedded in the 'encryption_helper.dart' file. The issue was identified through static analysis and reverse engineering of the app's APK, which revealed Base64-encoded cryptographic material, including sequences resembling AES keys, directly embedded in the code.
Impact
The hardcoded keys could be extracted and potentially misused, leading to unauthorized access or manipulation of encrypted data.
Remediation
Users of the Sogexia Android app should update to version 36 or later, where this vulnerability has been addressed by removing hardcoded keys and likely implementing a secure key management process.
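As an added example (not Sogexia's code and not the tooling used to find the issue), a pre-release check for this class of defect: it scans source text for quoted Base64 literals that decode to AES-sized, high-entropy byte strings. The EncryptionHelper sample, the key literal and the entropy threshold are constructed for illustration.

```python
import base64
import math
import re
from collections import Counter

# AES key sizes in bytes (AES-128, AES-192, AES-256).
AES_KEY_SIZES = {16, 24, 32}
# Quoted Base64 literals long enough to encode at least 16 bytes.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{22,43}={0,2})["']""")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; random key material scores high, readable text low."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def find_key_like_literals(source: str, min_entropy: float = 3.5):
    """Return (line_number, literal, decoded_length) for each string literal
    that decodes from Base64 to an AES-sized, high-entropy byte string.
    min_entropy is an assumed threshold, tune it for your code base."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in B64_LITERAL.finditer(line):
            literal = match.group(1)
            try:
                raw = base64.b64decode(literal, validate=True)
            except ValueError:
                continue  # bad padding or alphabet: not Base64
            if len(raw) in AES_KEY_SIZES and shannon_entropy(raw) >= min_entropy:
                findings.append((lineno, literal, len(raw)))
    return findings


# Constructed sample (not taken from the app): a Dart-like helper class with
# one 32-byte key literal and one harmless string.
CONSTRUCTED_KEY = base64.b64encode(bytes(range(7, 39))).decode()
SAMPLE_DART = f'''class EncryptionHelper {{
  static const _label = "user-preferences-cache-v2";
  static const _key = "{CONSTRUCTED_KEY}";
}}
'''

if __name__ == "__main__":
    for lineno, literal, size in find_key_like_literals(SAMPLE_DART):
        print(f"line {lineno}: {size}-byte key-like literal {literal[:8]}...")
```

The check is a heuristic: other literals of the same length, such as hex digests, can also match, so treat each finding as something to review rather than a confirmed key.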
