Key Information

Vulnerability ID: CVE-2025-56466

Summary:
The Dietly Android app exposes sensitive API keys in its BuildConfig.java file. This exposure could allow unauthorized access to sensitive data and services, increasing the risk of misuse.

Affected Versions:
- v1.25.0

Vulnerability Details:
A static code analysis of the Dietly Android app revealed that the BuildConfig.java file contains exposed API keys used in the production environment. These API keys are intended to remain confidential; their presence in the shipped codebase allows unauthorized parties to misuse them to access sensitive data or services.

Impact:
An API key is essentially a secret password that grants access to a specific service or resource. If this key is exposed, anyone can use it to gain unauthorized entry into your systems. This could result in data breaches, service disruptions, or even complete system compromise.

Proof of Concept:
1. Decompile the app > Explore com/dietly/panel/BuildConfig.java
2. Observe BuildConfig.java and API Keys

Credits:
Discovered by Dewanand Vishal (dewcode).
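To check a build for the class of issue described under Vulnerability Details, a release engineer can scan the generated BuildConfig.java for String constants whose names look secret-bearing and whose values look like real credentials. The scanner below is an added example, not code from the advisory or from the Dietly project; the sample BuildConfig text, the field values in it and the name/entropy thresholds are all constructed for illustration.

```python
import math
import re

# Matches javac-style constants such as: public static final String API_KEY = "...";
FIELD_RE = re.compile(
    r'public\s+static\s+final\s+String\s+(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;'
)
# Constant names that commonly carry credentials (assumed heuristic).
SECRET_NAME_RE = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|PASSWD|AUTH)", re.IGNORECASE)


def shannon_entropy(s):
    """Bits of entropy per character; short labels score low, random keys score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_exposed_secrets(java_source, min_len=16, min_entropy=3.0):
    """Return (name, redacted_value) for constants that look like live credentials.

    A field is reported only if its name suggests a secret AND its value is long
    and high-entropy, so placeholders and plain labels are not flagged.
    """
    findings = []
    for name, value in FIELD_RE.findall(java_source):
        if not SECRET_NAME_RE.search(name):
            continue
        if len(value) < min_len or shannon_entropy(value) < min_entropy:
            continue
        # Redact before reporting so the scanner output does not leak the key itself.
        findings.append((name, value[:6] + "..." + value[-2:]))
    return findings


# Constructed sample of a decompiled BuildConfig.java (not the real Dietly file).
SAMPLE_BUILDCONFIG = '''
public final class BuildConfig {
  public static final boolean DEBUG = false;
  public static final String APPLICATION_ID = "com.example.app";
  public static final String BUILD_TYPE = "release";
  public static final String AUTH_HEADER = "Authorization";
  public static final String API_KEY = "cafef00d1234567890abcdef";
}
'''

if __name__ == "__main__":
    for name, redacted in find_exposed_secrets(SAMPLE_BUILDCONFIG):
        print(f"possible hardcoded secret: {name} = {redacted}")
```

Run it against the BuildConfig.java produced by the decompiler (or, earlier, against the generated sources in the Gradle build directory) so the finding is caught before release rather than after publication.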