CVE-2025-13476 – Viber for Android – Cloak Proxy TLS Fingerprinting Exposure
“A privacy feature that exposes itself defeats the purpose.”
A patch addresses CVE-2025-13476 in the Viber messaging application for Android. The issue affects the Cloak proxy mode, which is designed to disguise proxy usage and help users bypass network censorship. Due to a flawed TLS handshake implementation, the app sends a static and predictable TLS ClientHello fingerprint. This lack of extension diversity allows Deep Packet Inspection (DPI) systems to easily identify Viber proxy traffic.
The CVSS score is 9.8, which is Critical severity.
Because the TLS fingerprint is rigid and easily recognized, network filtering systems can reliably detect and block Cloak-mode traffic. This undermines the feature’s purpose and may expose users attempting to bypass censorship or network restrictions. Updated versions of Viber modify the TLS behavior to prevent predictable fingerprinting.
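As an added example (not Viber's code and not part of the advisory), the Python below computes the public JA3 fingerprint over ClientHello bodies to show why a fixed cipher and extension list stays recognizable even though the random and session ID change on every connection. The cipher and extension values are constructed samples, and rotating the extension order stands in for "diversity"; the page does not say how the patched app varies its handshake.

```python
import hashlib
import os
import struct

# Constructed sample values, not Viber's real cipher or extension lists.
CIPHERS = [0x1301, 0x1302, 0xC02F]
EXTS = [(10, b"\x00\x04\x00\x1d\x00\x17"), (11, b"\x01\x00"), (43, b"\x02\x03\x04")]

def is_grease(v):
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)  # RFC 8701 values

def build_client_hello(ciphers, extensions):
    """Constructed ClientHello body; extensions is a list of (type, data)."""
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    head = struct.pack("!H", 0x0303) + os.urandom(32) + b"\x20" + os.urandom(32)
    body = struct.pack("!H", len(cs)) + cs + b"\x01\x00"  # ciphers, null compression
    return head + body + struct.pack("!H", len(ext)) + ext

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf) if not is_grease(v)]

def ja3(hello):
    """JA3 hash: MD5 of 'version,ciphers,extensions,groups,point_formats'."""
    version = struct.unpack_from("!H", hello, 0)[0]
    pos = 35 + hello[34]                       # skip version, random, session id
    n = struct.unpack_from("!H", hello, pos)[0]
    ciphers = u16_list(hello[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + hello[pos]                      # skip compression methods
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    exts, groups, formats = [], [], []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hello, pos)
        data = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        exts.append(etype)
        if etype == 10:                        # supported_groups
            groups = u16_list(data[2:])
        elif etype == 11:                      # ec_point_formats
            formats = list(data[1:])
    exts = [e for e in exts if not is_grease(e)]
    fields = [[version], ciphers, exts, groups, formats]
    text = ",".join("-".join(map(str, f)) for f in fields)
    return hashlib.md5(text.encode()).hexdigest()

def distinct_fingerprints(hellos):
    return len({ja3(h) for h in hellos})       # 1 means a static fingerprint
```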
Key Details
- Affected Product: Rakuten Viber
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-327