Android
CVE-2025-20060
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.
Analysis (AI)
An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.
Technical Context (AI)
This vulnerability is classified under CWE-359. An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.
Affected Products (AI)
See vendor advisory for affected versions.
Remediation (AI)
No vendor patch is available at the time of analysis. Monitor vendor advisories for updates and apply vendor patches when they become available. Implement network segmentation and monitoring as interim mitigations.