Published: 2025/11/25  Last Updated: 2025/11/25

JVN#63368617
"FOD" App uses hard-coded cryptographic keys

Overview

"FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys.

Products Affected

  • "FOD" App for Android versions prior to 5.2.0
  • "FOD" App for iOS versions prior to 5.2.0

Description

"FOD" App provided by Fuji Television Network, Inc. uses hard-coded cryptographic keys.

  • Use of hard-coded cryptographic key (CWE-321)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 5.1
    • CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 4.0
    • CVE-2025-64304
    • The keys are used in the processing of JWT data.

Impact

The cryptographic keys may be retrieved.

The developer considers the impact to be extremely limited.
For example, account impersonation on their service is difficult under normal circumstances.

Solution

Update the Software
Update the application to the latest version according to the information provided by the developer.

The developer has released the following versions that do not contain any cryptographic keys.

  • "FOD" App for Android version 5.2.0
  • "FOD" App for iOS version 5.2.0

The developer states that the affected versions require users to update immediately when launched.
The hard-coded keys in the affected versions were invalidated by the developer on November 17, 2025. Communications and processing using these keys are no longer possible.

Other Information

CVE: CVE-2025-64304
JVN iPedia: JVNDB-2025-000108