216.73.216.215

CVE-2025-61116

· Published 30/10/2025 16:15 · Modified 30/10/2025 21:15

Labels: CVE-2025-61116 2025-10-30CVE-2025-61116CWE-284[email protected]

Essential information

Published
30/10/2025 16:15
Modified
30/10/2025 21:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be manipulated by attackers to gain unauthorized access to user accounts. Successful exploitation could result in account compromise, privacy breaches, and misuse of the platform.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
scriptsbundle / adforest cpe:2.3:a:scriptsbundle:adforest:4.0.12:*:*:*:*:*:*:*

References