9.8

Rakuten Viber's Cloak Mode Fails to Hide Traffic from Censors

CVE-2025-13476
Summary

Rakuten Viber's Cloak mode, which is meant to help users bypass online censorship, is not effective in some versions of its Android and Windows apps. As a result, governments or internet service providers can easily block Viber traffic, which defeats the feature's purpose. Users should update to the latest version of the app to prevent this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
rakuten | viber | > 25.6.0, <= 25.8.1.0 |
rakuten | viber | 9.3.0.6 |
Original title
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection...
Original description
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)
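A client developer or tester can check their own build's handshakes for the static-fingerprint property described above. The following is an added example, not code from Viber or from this advisory: it parses raw ClientHello records, derives JA3 strings (used here as one common fingerprinting scheme), and counts how many distinct fingerprints a set of handshakes yields. The `build_hello` helper, its extension set and the `example.com` name are constructed sample input.

```python
import hashlib
import os
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 values, ignored by JA3

def ja3_string(rec: bytes) -> str:
    """JA3 fields (version, ciphers, extensions, groups, point formats) of a ClientHello."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 9                                   # record header (5) + handshake header (4)
    version, = struct.unpack_from("!H", rec, pos)
    pos += 2 + 32                             # legacy_version + random
    pos += 1 + rec[pos]                       # session_id
    n, = struct.unpack_from("!H", rec, pos)
    ciphers = struct.unpack_from(f"!{n // 2}H", rec, pos + 2)
    pos += 2 + n
    pos += 1 + rec[pos]                       # compression_methods
    exts, groups, formats = [], [], b""
    end = pos + 2 + struct.unpack_from("!H", rec, pos)[0] if pos < len(rec) else pos
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", rec, pos)
        body = rec[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        exts.append(etype)
        if etype == 10:                       # supported_groups
            groups = struct.unpack_from(f"!{(len(body) - 2) // 2}H", body, 2)
        elif etype == 11:                     # ec_point_formats
            formats = body[1:]
    fields = [[version]] + [[v for v in f if v not in GREASE] for f in (ciphers, exts, groups)]
    return ",".join("-".join(map(str, f)) for f in fields + [formats])

def distinct_fingerprints(records) -> int:
    """Number of different JA3 hashes seen across a set of ClientHello records."""
    return len({hashlib.md5(ja3_string(r).encode()).hexdigest() for r in records})

def build_hello(ext_order) -> bytes:
    """Constructed sample ClientHello: fresh random each call, extensions in the given order."""
    bodies = {0: b"\x00\x0e\x00\x00\x0bexample.com", 10: b"\x00\x04\x00\x1d\x00\x17", 11: b"\x01\x00", 35: b""}
    exts = b"".join(struct.pack("!HH", t, len(bodies[t])) + bodies[t] for t in ext_order)
    body = (b"\x03\x03" + os.urandom(32) + b"\x00" + b"\x00\x04\x13\x01\xc0\x2f"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

static_client = [build_hello([0, 10, 11, 35]) for _ in range(5)]
varied_client = [build_hello(o) for o in ([0, 10, 11, 35], [10, 0, 35, 11], [35, 11, 0, 10])]
print(distinct_fingerprints(static_client), distinct_fingerprints(varied_client))
```

The five `static_client` records differ in their random bytes yet collapse to a single fingerprint, while reordering the same extensions yields one fingerprint per ordering.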
nvd CVSS3.1 9.8
Vulnerability type
CWE-327 Use of a Broken Cryptographic Algorithm
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026