Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Thanks App by Bharti Airtel

    CVE-2025-6748 (GCVE-0-2025-6748)

    Vulnerability from nvd – Published: 2025-06-27 01:31 – Updated: 2025-06-27 13:44
    VLAI
    Title
    Bharti Airtel Thanks App files cleartext storage in a file or on disk
    Summary
    A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-313 - Cleartext Storage in a File or on Disk
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Bharti Airtel Thanks App Affected: 4.105.4
    Create a notification for this product.
    Credits
    honest_corrupt (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6748",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T13:44:18.080221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T13:44:33.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Thanks App",
              "vendor": "Bharti Airtel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.105.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "honest_corrupt (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in Bharti Airtel Thanks App 4.105.4 f\u00fcr Android entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /Android/data/com.myairtelapp/files/. Durch das Manipulieren mit unbekannten Daten kann eine cleartext storage in a file or on disk-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-313",
                  "description": "Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-27T01:31:06.283Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314046 | Bharti Airtel Thanks App files cleartext storage in a file or on disk",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.314046"
            },
            {
              "name": "VDB-314046 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314046"
            },
            {
              "name": "Submit #598122 | Airtel (Bharti Airtel Limited) Airtel Thanks App 4.105.4 Insecure Local Storage (OWASP Mobile Top 10: M2, M5)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.598122"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1atnjssBq4tHeofoIDbWRH32z9rvA9jez/view?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-26T22:07:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Bharti Airtel Thanks App files cleartext storage in a file or on disk"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6748",
        "datePublished": "2025-06-27T01:31:06.283Z",
        "dateReserved": "2025-06-26T20:02:31.752Z",
        "dateUpdated": "2025-06-27T13:44:33.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6748 (GCVE-0-2025-6748)

    Vulnerability from cvelistv5 – Published: 2025-06-27 01:31 – Updated: 2025-06-27 13:44
    VLAI
    Title
    Bharti Airtel Thanks App files cleartext storage in a file or on disk
    Summary
    A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-313 - Cleartext Storage in a File or on Disk
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Bharti Airtel Thanks App Affected: 4.105.4
    Create a notification for this product.
    Credits
    honest_corrupt (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6748",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-27T13:44:18.080221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-27T13:44:33.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Thanks App",
              "vendor": "Bharti Airtel",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.105.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "honest_corrupt (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in Bharti Airtel Thanks App 4.105.4 f\u00fcr Android entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /Android/data/com.myairtelapp/files/. Durch das Manipulieren mit unbekannten Daten kann eine cleartext storage in a file or on disk-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-313",
                  "description": "Cleartext Storage in a File or on Disk",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-27T01:31:06.283Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314046 | Bharti Airtel Thanks App files cleartext storage in a file or on disk",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.314046"
            },
            {
              "name": "VDB-314046 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314046"
            },
            {
              "name": "Submit #598122 | Airtel (Bharti Airtel Limited) Airtel Thanks App 4.105.4 Insecure Local Storage (OWASP Mobile Top 10: M2, M5)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.598122"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://drive.google.com/file/d/1atnjssBq4tHeofoIDbWRH32z9rvA9jez/view?usp=sharing"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-26T22:07:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Bharti Airtel Thanks App files cleartext storage in a file or on disk"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6748",
        "datePublished": "2025-06-27T01:31:06.283Z",
        "dateReserved": "2025-06-26T20:02:31.752Z",
        "dateUpdated": "2025-06-27T13:44:33.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }