PatchSiren cyber security CVE debrief
CVE-2025-1395 Codriapp Innovation and Software Technologies Inc. CVE debrief
A Generation of Error Message Containing Sensitive Information vulnerability was discovered in HeyGarson by Codriapp Innovation and Software Technologies Inc. This vulnerability, tracked as CVE-2025-1395, has a CVSS score of 8.2 and is classified as HIGH severity. The issue affects HeyGarson versions through 30012026 and allows for fuzzing for application mapping. The vendor, Codriapp Innovation and Software Technologies Inc., was contacted multiple times regarding the fixing process but did not respond.
- Vendor
- Codriapp Innovation and Software Technologies Inc.
- Product
- HeyGarson
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-30
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-01-30
- Advisory updated
- 2026-06-06
Who should care
Users of HeyGarson by Codriapp Innovation and Software Technologies Inc. should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
CVE-2025-1395 is a vulnerability in HeyGarson that allows for fuzzing for application mapping due to the generation of error messages containing sensitive information. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N and is classified under CWE-209.
Defensive priority
HIGH
Recommended defensive actions
- Users of affected HeyGarson versions should update to a patched version as soon as available.
- In the absence of a patch, users should consider implementing additional security measures to mitigate the risk of fuzzing for application mapping.
Evidence notes
The CVE record was published on January 30, 2026, and last modified on June 6, 2026. The vulnerability details were obtained from the CVE.org record and the NVD detail page.
Official resources
CVE-2025-1395 was published on 2026-01-30T09:15:49.610Z and last modified on 2026-06-06T08:16:50.060Z.