CVE-2025-41408_CVE-2025-41408

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack.

Basic Information

ID CVE-2025-41408

Source jpcert

Published Sep 5, 2025 at 05:25

Affected Product

Vendor LY Corporation

Product "Yahoo! Shopping" App for Android

Version versions prior to 14.15.0

Affected Versions LY Corporation "Yahoo! Shopping" App for Android versions prior to 14.15.0

CWE Classification

CWE-939

References

jvn.jp /en/jp/JVN35290164/

{
    "lastseen": "",
    "description": "Improper authorization in handler for custom URL scheme issue in \"Yahoo! Shopping\" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack.",
    "published": "2025-09-05T05:25:15.422Z",
    "modified": "2025-09-05T05:25:15.422Z",
    "type": "cve",
    "title": "CVE-2025-41408",
    "source": "jpcert",
    "references": "https://jvn.jp/en/jp/JVN35290164/",
    "id": "CVE-2025-41408",
    "bulletinFamily": "",
    "cwe": [
        "CWE-939"
    ],
    "cvelist": null,
    "sourceData": "LY Corporation \"Yahoo! Shopping\" App for Android versions prior to 14.15.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "\"Yahoo! Shopping\" App for Android",
    "version": "versions prior to 14.15.0",
    "vendor": "LY Corporation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}