CVE-2025-11598

Exposure of Confidential Information in mObywatel application

Description

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized This issue was fixed in version 4.71.0

INFO

Published Date :

2026-02-03T11:33:55.993Z

Last Modified :

2026-02-03T15:17:33.953Z

Source :

CERT-PL

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11598 vulnerability.

Vendors	Products
Centralny Osrodek Informatyki	Mobywatel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11598.

URL	Resource
https://cert.pl/posts/2026/02/CVE-2025-11598
https://info.mobywatel.gov.pl/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability