react-native-keys insecurely stores encryption cipher and Base64 chunks
- Severity:
- High
Description
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.7.11
References
Related Issues
- React Router has Path Traversal in File Session Storage - CVE-2025-61686
- The AuthKit React Router Library rendered sensitive auth data in HTML - CVE-2025-55008
- Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers - CVE-2025-31137
- Lobe Chat vulnerable to Server-Side Request Forgery with native web fetch module - CVE-2025-62505
You might also like:
- Tags:
- npm
- react-native-keys
Anything's wrong? Let us know Last updated on July 02, 2025


