The CERT Coordination Center (CERT/CC) has issued a vulnerability note regarding a significant privacy flaw in Rakuten Viber, one of the world’s most popular messaging and VoIP applications. The vulnerability, tracked as CVE-2025-13476, reveals that the app’s specialized “Cloak” proxy mode fails in its primary mission: hiding the fact that a user is trying to circumvent network censorship.
While Cloak mode is intended to make proxy or VPN traffic appear as normal web browsing, a “flawed TLS handshake implementation” makes this traffic trivially easy for authorities to identify and block.
The security of Cloak mode relies on its ability to blend into the background of a network’s standard HTTPS traffic. However, researchers discovered that Viber’s implementation on Android and Windows uses a “static and predictable TLS ClientHello fingerprint” that lacks the diversity of a real web browser.
As the CERT/CC note highlights, this implementation creates a “rigid and easily identified fingerprint, making it trivially identifiable by Deep Packet Inspection (DPI) systems”.
The TLS handshake doesn’t mimic the complex, varied structures of modern browsers like Chrome or Firefox. Because the fingerprint is static, automated network filters can immediately flag the connection as “Viber Proxy” rather than “Normal Web Search”. The report warns that “the user has no indication the proxy is not protecting their data” while their traffic is being monitored or throttled.
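A way to test a client for the static-fingerprint problem described above, as an added example that is not code from CERT/CC, Viber or the original article: it computes the public JA3 fingerprint over several ClientHello records from one client and counts the distinct values. JA3 is an assumption here, since the note does not say which fingerprint DPI systems use, and `build_hello` with its cipher and extension lists is constructed sample input, not Viber's or any browser's real handshake.

```python
import hashlib
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 reserved values

def u16s(data):  # bytes -> list of big-endian 16-bit integers
    return [v for (v,) in struct.iter_unpack(">H", data)]

def ja3(record):
    """Return (JA3 string, MD5 hex) for one raw TLS ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    version = struct.unpack_from(">H", record, 9)[0]  # after record (5) + handshake (4) headers
    pos = 9 + 2 + 32                                  # past client_version and random
    pos += 1 + record[pos]                            # session_id
    n = struct.unpack_from(">H", record, pos)[0]
    ciphers = u16s(record[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + record[pos] + 2                        # compression_methods, extensions length
    end = pos + struct.unpack_from(">H", record, pos - 2)[0]
    exts, curves, formats = [], [], []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from(">HH", record, pos)
        body, pos = record[pos + 4:pos + 4 + elen], pos + 4 + elen
        exts.append(etype)
        if etype == 10:                               # supported_groups: 2-byte length, groups
            curves = u16s(body[2:])
        elif etype == 11:                             # ec_point_formats: 1-byte length, formats
            formats = list(body[1:])
    kept = [[v for v in f if v not in GREASE] for f in (ciphers, exts, curves)]
    text = ",".join("-".join(map(str, f)) for f in [[version], *kept, formats])
    return text, hashlib.md5(text.encode()).hexdigest()

def distinct_fingerprints(records):
    """Count different JA3 hashes across one client's captured ClientHello records."""
    return len({ja3(r)[1] for r in records})

def build_hello(ciphers, ext_order, random):
    """Constructed sample input: a minimal ClientHello record, not captured traffic."""
    bodies = {10: b"\x00\x04\x00\x1d\x00\x17", 11: b"\x01\x00", 43: b"\x02\x03\x04", 65281: b"\x00"}
    exts = b"".join(struct.pack(">HH", t, len(bodies.get(t, b""))) + bodies.get(t, b"") for t in ext_order)
    body = (b"\x03\x03" + random + b"\x00" + struct.pack(f">H{len(ciphers)}H", 2 * len(ciphers), *ciphers)
            + b"\x01\x00" + struct.pack(">H", len(exts)) + exts)
    return b"\x16\x03\x01" + struct.pack(">H", len(body) + 4) + b"\x01" + len(body).to_bytes(3, "big") + body

ORDERS = [[23, 10, 11, 43, 65281], [0x0A0A, 43, 10, 65281, 11, 23], [11, 23, 65281, 43, 10]]  # constructed
STATIC = [build_hello([0x1301, 0x1302, 0xC02F], ORDERS[0], bytes([i]) * 32) for i in range(3)]
VARIED = [build_hello([0x3A3A, 0x1301, 0x1302, 0xC02F], o, bytes([i]) * 32) for i, o in enumerate(ORDERS)]
print("static client:", distinct_fingerprints(STATIC), "| varied client:", distinct_fingerprints(VARIED))
```

JA3 drops GREASE values before hashing, so the varied sample differs only because its extension order changes; a client that repeats one hash across every connection gives a filter a single value to match.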
For users in restrictive digital environments, this flaw is more than a technical bug: it is a threat to their ability to communicate safely. By failing to properly “cloak” the traffic, the flaw “undermines the app’s ability to circumvent censorship and potentially leading to denial of service in certain cases”.
Authorities can use this easily detectable fingerprint to selectively block Viber traffic at the network level, effectively silencing users who rely on the app’s proxy features to stay connected.
CERT/CC and Rakuten Viber emphasize that a solution is available, and users must update their applications to the latest versions to restore proper proxy functionality.
| Platform | Vulnerable Versions | Patched Version |
| --- | --- | --- |
| Windows | V25.6.0.0 – V25.8.1.0 | V27.3.0.0 or later |
| Android | V25.7.2.0g | V27.2.0.0g or later |
For continued protection, “Windows users can implement automatic updates for Viber” to ensure they receive critical security patches as soon as they are released.