CVE-2025-60022: Improper certificate validation in KDDI CORPORATION 'デジラアプリ' App for iOS
Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication.
AI Analysis
Technical Summary
CVE-2025-60022 is an improper certificate validation vulnerability identified in the 'デジラアプリ' (Dejira App) for iOS developed by KDDI CORPORATION. The flaw exists in versions prior to 80.10.00 and allows an attacker positioned on the same network path as the victim to perform a man-in-the-middle (MITM) attack. Due to improper validation of SSL/TLS certificates, the app may accept fraudulent certificates, enabling the attacker to decrypt, eavesdrop on, or tamper with encrypted communications between the app and its backend servers. The vulnerability does not require any user interaction or privileges, but exploitation complexity is high because the attacker must be able to intercept network traffic, typically on untrusted or public Wi-Fi networks. The CVSS v3.0 score is 4.8 (medium), reflecting limited impact on confidentiality and integrity, no impact on availability, and no authentication required. No known exploits have been reported in the wild as of the publication date. This vulnerability highlights the critical importance of robust certificate validation in mobile applications to prevent interception of sensitive data.
Potential Impact
For European organizations, the primary impact is the potential compromise of confidentiality and integrity of data transmitted via the 'デジラアプリ' iOS app. Organizations with employees or customers using this app could have sensitive communications intercepted or altered by attackers, especially when connected to insecure networks. This could lead to leakage of proprietary or personal information, undermining trust and potentially violating data protection regulations such as GDPR. While the app's user base in Europe may be limited compared to Japan, multinational companies with Japanese operations or partners may be affected. The lack of availability impact means business continuity is unlikely to be disrupted, but data security and privacy risks remain significant. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits after public disclosure.
Mitigation Recommendations
To mitigate this vulnerability, affected users should promptly update the 'デジラアプリ' app to version 80.10.00 or later, where the certificate validation issue is fixed. Organizations should enforce policies requiring up-to-date app versions on employee devices. Network security controls such as enforcing the use of trusted VPNs or secure Wi-Fi can reduce exposure to MITM attacks. Additionally, network monitoring for suspicious SSL/TLS anomalies may help detect attempted exploitation. Developers and security teams should review and strengthen certificate validation logic in mobile applications, employing certificate pinning or robust validation libraries where feasible. User education on avoiding untrusted networks and recognizing suspicious network behavior can further reduce risk. Finally, organizations should consider assessing the necessity of this app within their environment and explore alternatives if risk tolerance is low.
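The "review and strengthen certificate validation logic" advice above, as an added example that is not KDDI's code: a URLSessionDelegate that first evaluates the chain against the system trust store for the expected hostname and then pins the leaf public key, shown next to the unconditional-trust pattern this CVE class describes. The hostname and pin values are placeholders.

```swift
import Foundation
import Security
import CryptoKit

// Added example (not KDDI's code). `expectedHost` and the pin values are placeholders.
final class PinningSessionDelegate: NSObject, URLSessionDelegate {
    private let expectedHost: String
    // SHA-256 (Base64) of the leaf public key bytes as returned by SecKeyCopyExternalRepresentation.
    // Compute pins with the same function; this is NOT the SPKI DER hash used by HPKP-style pins.
    private let pinnedKeyHashes: Set<String>

    init(expectedHost: String, pinnedKeyHashes: Set<String>) {
        self.expectedHost = expectedHost
        self.pinnedKeyHashes = pinnedKeyHashes
    }

    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil); return
        }
        // Weak pattern (the bug class in CVE-2025-60022): accept whatever chain the peer presented.
        //   completionHandler(.useCredential, URLCredential(trust: trust))
        // Hardened: (1) evaluate chain + hostname against the system trust store, (2) pin the key.
        _ = SecTrustSetPolicies(trust, SecPolicyCreateSSL(true, expectedHost as CFString))
        var evalError: CFError?
        guard SecTrustEvaluateWithError(trust, &evalError),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              let leafKey = SecCertificateCopyKey(leaf),
              let keyBytes = SecKeyCopyExternalRepresentation(leafKey, nil) as Data? else {
            completionHandler(.cancelAuthenticationChallenge, nil); return
        }
        let keyHash = Data(SHA256.hash(data: keyBytes)).base64EncodedString()
        guard pinnedKeyHashes.contains(keyHash) else {
            // Valid chain but unexpected key: treat as possible interception and fail closed.
            completionHandler(.cancelAuthenticationChallenge, nil); return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}

// Usage: the pin hash is a placeholder; derive real values from the production leaf key.
let delegate = PinningSessionDelegate(expectedHost: "api.example.com",
                                      pinnedKeyHashes: ["<BASE64_SHA256_OF_LEAF_KEY>"])
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
```

Ship a backup pin for the next key rotation, or the app will fail closed against its own legitimate backend when the certificate is renewed.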
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: jpcert
- Date Reserved: 2025-10-29T04:18:42.064Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 691ab9fc1ba1a3acd84ff7e8
Added to database: 11/17/2025, 6:00:28 AM
Last enriched: 11/24/2025, 7:07:52 AM
Last updated: 1/7/2026, 8:48:33 AM