Skip to main content

Viber

5 CVEs product

Monthly

CVE-2025-13476 CRITICAL Act Now

Static TLS fingerprint in Rakuten Viber Cloak mode enables tracking despite privacy mode.

Windows Android TLS Viber
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-55996 MEDIUM This Month

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Viber
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2020-14049 HIGH POC This Week

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Viber
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-18800 HIGH POC This Week

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Viber
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-12569 HIGH This Week

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Viber
NVD GitHub
CVSS 3.0
7.8
EPSS
15.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Static TLS fingerprint in Rakuten Viber Cloak mode enables tracking despite privacy mode.

Windows Android TLS +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Viber
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Viber
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Viber
NVD
EPSS 15% CVSS 7.8
HIGH This Week

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Viber
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy