CVE-2025-57197_CVE-2025-57197

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN.

AI Analysis

Improper access control in Payeer Android app allows PIN change bypass via dynamic instrumentation.

Basic Information

ID CVE-2025-57197

Source mitre

Published Sep 29, 2025 at 00:00

Modified Sep 29, 2025 at 19:57

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 6.5 / 10

AI Severity MEDIUM

Vendor Payeer

Product Payeer Android Application

Version 2.5.0

References

{
    "lastseen": "",
    "description": "In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN.",
    "published": "2025-09-29T00:00:00.000Z",
    "modified": "2025-09-29T19:57:07.175Z",
    "type": "cve",
    "title": "CVE-2025-57197",
    "source": "mitre",
    "references": "http://payeer.com\nhttps://drive.google.com/drive/folders/1FHn4dFHeJ6W1IKlsB447v_hJoqqF9qgv?usp=sharing\nhttps://payeer.com\nhttps://medium.com/@mhamdanali81/cve-2025-57197-breaking-the-pin-in-payeers-android-app-31e3cdee02ef",
    "id": "CVE-2025-57197",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "Improper access control in Payeer Android app allows PIN change bypass via dynamic instrumentation.",
    "ai_severity": "MEDIUM",
    "ai_vendor": "Payeer",
    "ai_product": "Payeer Android Application",
    "ai_version": "2.5.0",
    "ai_score": 6.5
}