CVE-2020-25900
5.3 MEDIUMHelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city
Published: 2026-06-05 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-359
Description
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. (The client side was changed in 2019 to encrypt that database.)
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-26237 — A missing authorization vulnerability has been reported to affect QuMagie
- CVE-2026-25699 — Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
- CVE-2026-8990 — A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full acc...
- CVE-2025-13477 — Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operatio... (7.1 HIGH)
- CVE-2026-7382 — Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerabili... (6.5 MEDIUM)