Which versions of Google are affected by CVE-2025-5715?

CVE-2025-5715 is a low-severity vulnerability in A vulnerability (CVSS 3.8). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…

Is there a public PoC exploit available for CVE-2025-5715?

Yes, a public proof-of-concept exploit is available for CVE-2025-5715. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-5715?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Google CVE-2025-5715

Q: What is the CVSS score of CVE-2025-5715?

CVE-2025-5715 has a CVSS 4.0 base score of 0.3 (Low). CVSS vector: CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2025-17044 LOW

Missing Critical Step in Authentication (CWE-304)

2025-06-06 cna@vuldb.com

Information Disclosure Google

0.3

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Physical

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.8 (LOW) 0.3 (LOW)

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17044

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

PoC Detected

Sep 17, 2025 - 19:21 vuln.today

Public exploit code

CVE Published

Jun 06, 2025 - 04:15 nvd

LOW 3.8

DescriptionNVD

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. Affects A vulnerability.

RemediationAI

Monitor vendor channels for patch availability.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-8842 MEDIUM This Month

6.4 May 27

Stored Cross-Site Scripting in the Google+ Link Name WordPress plugin (versions up to and including 1.0) allows authenti

CVE-2025-68712 MEDIUM This Month

5.5 May 27

Authentication bypass in SpSoft AppLock 7.9.40 for Android allows a local attacker with physical device access to circum

CVE-2026-7552 MEDIUM This Month

5.3 May 28

Authorization bypass in the Geo Mashup WordPress plugin (all versions ≤ 1.13.19) exposes sensitive plugin configuration

CVE-2025-68709 MEDIUM This Month

5.2 May 26

Arbitrary JavaScript execution in SailingLab AppLock 4.3.8 for Android is triggered by a malicious co-installed app send

CVE-2025-5715 vulnerability details – vuln.today

Back