Skip to main content

Easyshare CVE-2025-15515

| EUVDEUVD-2025-208629 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-03-13 Vivo
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 07:58 euvd
EUVD-2025-208629
Analysis Generated
Mar 13, 2026 - 07:58 vuln.today
CVE Published
Mar 13, 2026 - 06:43 nvd
MEDIUM 6.9

DescriptionCVE.org

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage

AnalysisAI

The EasyShare module contains an authentication bypass vulnerability in a specific feature that allows data leakage when certain conditions are met on a local network. The vulnerability affects users of products implementing the EasyShare module and requires user interaction to exploit, but can result in high-impact confidentiality breach. While the CVSS score of 6.9 indicates medium-high severity, the attack vector is limited to adjacent networks (AV:A) and requires user participation (UI:P), suggesting real-world exploitation may be less prevalent than the numeric score implies.

Technical ContextAI

The vulnerability is rooted in CWE-306 (Missing Authentication Check), indicating that the EasyShare module fails to properly verify user identity or authorization before granting access to a specific feature on local networks. The CVSS:4.0 vector shows the attack requires network adjacency (AV:A), meaning an attacker must be on the same local network segment. The weakness allows an unauthenticated or inadequately authenticated principal to access protected resources, likely due to improper session management, token validation, or credential verification mechanisms within the EasyShare feature set. This type of flaw is particularly dangerous in network-adjacent scenarios where broadcast or multicast discovery mechanisms might expose the vulnerable service to all devices on the local subnet.

RemediationAI

Contact your software vendor for the security advisory and patch release for EasyShare module or products containing this module, then upgrade to the patched version immediately. Until patches are available, implement the following mitigations: restrict EasyShare feature access to trusted local network segments using network access control lists or VLAN segmentation, disable the vulnerable EasyShare feature if not essential to operations, require multi-factor authentication for any accounts that can access EasyShare functionality, and monitor local network traffic for suspicious authentication attempts to the EasyShare service. Review and strengthen local network trust assumptions, particularly in shared or open network environments where untrusted devices may be present.

Share

CVE-2025-15515 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy