CVE-2025-25333
Published: 27 February 2025
Description
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Security Summary
CVE-2025-25333 is a vulnerability in version 4.13.0 of the IKEA CN iOS app that lets an attacker obtain sensitive user information by way of a crafted link. Published on 2025-02-27, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): network attack vector, low attack complexity, no privileges required, high confidentiality impact, and no impact on integrity or availability. Note that the vector records UI:N (no user interaction) even though the described attack depends on the victim opening the crafted link; scored with UI:R instead, the same vector yields a base score of 6.5, so read the published severity with that discrepancy in mind. The weakness is classed as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
The attack scenario is an unauthenticated remote attacker crafting a link and distributing it to users of the vulnerable app. Once a victim opens the link, the attacker can retrieve sensitive user data without any further authentication, so the only barrier is getting the link in front of someone running IKEA CN iOS 4.13.0.
The advisory at https://github.com/ZhouZiyi1/Vuls/blob/main/250116-IKEACN/250116-IKEACN.pdf describes the vulnerability, but the available data gives no specific patch or mitigation instructions. Security practitioners should advise users to update the app as soon as a newer version is released and to avoid opening unsolicited links that target the IKEA CN app.
Details
- CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
MITRE ATT&CK Enterprise Techniques
- User Execution: Malicious Link (T1204.001)
Why these techniques?
The vulnerability discloses sensitive user data once the victim opens a crafted link, which matches the Malicious Link sub-technique of User Execution: the adversary depends on the user's click to trigger the disclosure.