CVE-2025-45083 is a security vulnerability identified in the Ullu application, specifically affecting the Android version v2.9.929 and iOS version v2.8.0. The vulnerability stems from incorrect access control mechanisms within the app, which allow attackers to bypass the parental PIN feature. The parental PIN is typically used to restrict access to certain content or functionalities within the app, intended to protect minors or enforce usage policies. The bypass occurs via unspecified vectors, meaning the exact technical method of exploitation has not been publicly detailed. However, the core issue is that the app fails to properly enforce access restrictions, enabling unauthorized users to circumvent the parental controls. This vulnerability does not have a CVSS score assigned yet, and there are no known exploits in the wild at the time of publication. The lack of patch information suggests that a fix may not yet be available or publicly disclosed. Given that the vulnerability affects both major mobile platforms, Android and iOS, it potentially impacts a broad user base. The parental control bypass could lead to unauthorized access to restricted content, undermining user privacy and control policies embedded in the app.

For European organizations, the impact of this vulnerability largely depends on the context in which the Ullu app is used. If the app is employed within family environments or organizations that rely on parental controls for compliance with child protection regulations (such as the EU's GDPR provisions related to minors or the Audiovisual Media Services Directive), this vulnerability could lead to regulatory compliance issues. Unauthorized access to restricted content could expose minors to inappropriate material, potentially resulting in reputational damage for service providers or organizations recommending the app. Additionally, if the app is used in educational or childcare settings, the bypass could disrupt content control policies, leading to operational challenges. While the vulnerability does not directly compromise device integrity or data confidentiality beyond parental control circumvention, it weakens the trust model of content restriction, which could have indirect consequences on user safety and organizational compliance.

Given the absence of a patch, European organizations and users should take proactive steps to mitigate the risk. First, avoid using the affected versions of the Ullu app (Android v2.9.929 and iOS v2.8.0) until an official update is released. Monitor vendor communications for patches or security advisories. As a temporary measure, consider disabling or limiting the use of parental control features within the app or supplementing them with external parental control solutions that operate at the device or network level. Organizations should also educate users about the potential risks and encourage vigilant monitoring of app usage, especially for minors. From a development perspective, vendors should implement robust access control checks, perform thorough security testing on parental control features, and provide timely patches. Finally, organizations should review their content filtering and compliance policies to ensure they are not solely reliant on vulnerable app-level controls.