CVE Details
Basic Information
| Title | IDnow App de.idnow AndroidManifest.xml improper export of android application components |
|---|---|
| Type | cve |
| Published | 2025-07-20T13:14:05.309Z |
| Modified | 2025-07-20T13:14:05.309Z |
Product Information
| Vendor | n/a |
|---|---|
| Product | IDnow App |
| Version | 9.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A vulnerability in the IDnow App (versions up to 9.6.0) on Android allows improper export of application components via the AndroidManifest.xml file. This issue requires local access to exploit and has been publicly disclosed. The vendor did not respond to the disclosure. |
|---|---|
| AI Severity | Medium |
| AI Vendor | IDnow GmbH |
| AI Product | IDnow App |
| AI Version | 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.6.0 |
Affected Products
- n/a IDnow App 9.0
- n/a IDnow App 9.1
- n/a IDnow App 9.2
- n/a IDnow App 9.3
- n/a IDnow App 9.4
- n/a IDnow App 9.5
- n/a IDnow App 9.6.0
Additional Information
| CWE List | CWE-926 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.