Vulnerability in Two App Studio Journey (CVE-2025-41458)

Journey is a journaling app for iOS that stores personal entries and media.

CVE-2025-41458: Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS

Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s file system.

During an analysis of the iOS app, it was discovered that sensitive user data, including diary entries, authentication tokens, and cryptographic material, is stored unencrypted in both the app’s main SQLite database and its Write-Ahead Log (WAL) file. The WAL is a temporary SQLite file that records database changes before they are committed, often retaining sensitive data even after deletion. This exposes private content and key material to local attackers with access to the device’s file system.

We generally recommend encrypting local data using SQLCipher, storing keys securely in the iOS keychain with Secure Enclave protection, and disabling or regularly cleaning up WAL files to prevent recovery of deleted data.
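
The following added example (not part of the original advisory and not the app's code) reproduces the WAL behaviour described above with Python's built-in sqlite3 module, and shows the effect of the cleanup recommendation. The file name, table layout and marker string are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for a diary entry; not real data.
MARKER = "CONSTRUCTED-DIARY-ENTRY-0001"

def plaintext_residue(db_path):
    """Return the database files ("main", "-wal") that contain MARKER in plaintext."""
    hits = []
    for suffix in ("", "-wal"):
        path = db_path + suffix
        if os.path.exists(path):
            with open(path, "rb") as fh:
                if MARKER.encode() in fh.read():
                    hits.append(suffix or "main")
    return hits

def residue_after_delete(cleanup):
    """Insert and delete one entry in WAL mode, then scan the files on disk."""
    with tempfile.TemporaryDirectory() as workdir:
        db_path = os.path.join(workdir, "journal.db")  # hypothetical file name
        con = sqlite3.connect(db_path)
        con.execute("PRAGMA journal_mode=WAL").fetchall()
        # secure_delete zeroes freed cells instead of leaving them in the page.
        con.execute(f"PRAGMA secure_delete={'ON' if cleanup else 'OFF'}").fetchall()
        con.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT)")
        con.execute("INSERT INTO entries (body) VALUES (?)", (MARKER,))
        con.commit()
        con.execute("DELETE FROM entries")
        con.commit()
        if cleanup:
            # Flush all frames into the main file and truncate the WAL to zero bytes.
            con.execute("PRAGMA wal_checkpoint(TRUNCATE)").fetchall()
        hits = plaintext_residue(db_path)  # scan while the connection is still open
        con.close()
        return hits

if __name__ == "__main__":
    print("default WAL handling    :", residue_after_delete(cleanup=False))
    print("secure_delete + TRUNCATE:", residue_after_delete(cleanup=True))
```

Checkpointing only removes the residue from the database files; it does not replace encrypting the database and protecting the key as recommended above.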

The issue remains unresolved at the time of writing, despite the release of newer versions of the app since the responsible disclosure. The vulnerability was not acknowledged or fixed by Two App Studio within 120 days. For this reason, we are releasing this information to the public to allow affected users to protect themselves.

This security advisory covers vulnerabilities identified exclusively in the iOS version of the application. Other platforms such as Android or Windows were not tested.

CVSS Score
5.5 (CVSS v3.1) 

CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Version
v5.5.6 – v5.5.9 (latest at the time of release) 

Credits
Hannes Allmann (cirosec GmbH)

Timeline
