CVE-2025-7892

{"id": "CVE-2025-7892", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-20T14:15:28.100", "references": [{"url": "https://github.com/KMov-g/androidapps/blob/main/de.idnow.md", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "source": "cna@vuldb.com"}, {"url": "https://github.com/KMov-g/androidapps/blob/main/de.idnow.md#steps-to-reproduce", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.317007", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.317007", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.615279", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://github.com/KMov-g/androidapps/blob/main/de.idnow.md", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://github.com/KMov-g/androidapps/blob/main/de.idnow.md#steps-to-reproduce", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-926"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad clasificada como problem\u00e1tica en IDnow App (hasta la versi\u00f3n 9.6.0) de Android. Esta vulnerabilidad afecta a una parte desconocida del archivo AndroidManifest.xml del componente de.idnow. Esta manipulaci\u00f3n provoca la exportaci\u00f3n incorrecta de componentes de la aplicaci\u00f3n Android. Se requiere acceso local para abordar este ataque. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "lastModified": "2025-09-17T14:58:28.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:idnow:idnow:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "F92C2B07-37A7-42A3-8950-64B10613A107", "versionEndIncluding": "9.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}