Android CVE-2025-20060

HIGH
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)
2025-02-28 ics-cert@hq.dhs.gov
8.7
CVSS 4.0 · NVD
Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:29 (vuln.today)
CVE Published: Feb 28, 2025 - 17:15 (nvd), HIGH 8.7

Description (CVE.org)

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

Analysis (AI)

Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.

Technical Context (AI)

This vulnerability is classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor).

Affected Products (AI)

See vendor advisory for affected versions.

Remediation (AI)

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
