EUVD-2025-208629

| CVE-2025-15515 MEDIUM
2026-03-13 Vivo
6.9
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
P

Lifecycle Timeline

3
Analysis Generated
Mar 13, 2026 - 07:58 vuln.today
EUVD ID Assigned
Mar 13, 2026 - 07:58 euvd
EUVD-2025-208629
CVE Published
Mar 13, 2026 - 06:43 nvd
MEDIUM 6.9

Tags

Authentication Bypass Information Disclosure Easyshare

Description

The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage

Analysis

The EasyShare module contains an authentication bypass vulnerability in a specific feature that allows data leakage when certain conditions are met on a local network. The vulnerability affects users of products implementing the EasyShare module and requires user interaction to exploit, but can result in high-impact confidentiality breach. While the CVSS score of 6.9 indicates medium-high severity, the attack vector is limited to adjacent networks (AV:A) and requires user participation (UI:P), suggesting real-world exploitation may be less prevalent than the numeric score implies.

Technical Context

The vulnerability is rooted in CWE-306 (Missing Authentication Check), indicating that the EasyShare module fails to properly verify user identity or authorization before granting access to a specific feature on local networks. The CVSS:4.0 vector shows the attack requires network adjacency (AV:A), meaning an attacker must be on the same local network segment. The weakness allows an unauthenticated or inadequately authenticated principal to access protected resources, likely due to improper session management, token validation, or credential verification mechanisms within the EasyShare feature set. This type of flaw is particularly dangerous in network-adjacent scenarios where broadcast or multicast discovery mechanisms might expose the vulnerable service to all devices on the local subnet.

Affected Products

The EasyShare module is the confirmed affected component, though the specific product name and version range have not been disclosed in the provided intelligence. Patch availability and CPE strings are required from the vendor security advisory to identify the exact affected products and versions. Organizations using products that integrate the EasyShare module should consult their vendor's official security advisory for affected version ranges and patch release timelines.

Remediation

Contact your software vendor for the security advisory and patch release for EasyShare module or products containing this module, then upgrade to the patched version immediately. Until patches are available, implement the following mitigations: restrict EasyShare feature access to trusted local network segments using network access control lists or VLAN segmentation, disable the vulnerable EasyShare feature if not essential to operations, require multi-factor authentication for any accounts that can access EasyShare functionality, and monitor local network traffic for suspicious authentication attempts to the EasyShare service. Review and strengthen local network trust assumptions, particularly in shared or open network environments where untrusted devices may be present.

Priority Score

35
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0

Share

EUVD-2025-208629 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy