CVE-2025-56467
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk22th percentile - higher than 22% of all known CVEs
Summary
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. The supplier claims this is an intended feature and does not reveal much sensitive data.
Risk Assessment
The risk involves unauthorized access to users' financial data, potentially leading to privacy breaches, identity theft, or exploitation of information for further social engineering attacks.
Recommendation
It is recommended to immediately update the Axis Bank mobile app to the latest version and implement authentication mechanisms (e.g., UPI PIN) for accessing sensitive data. Users should also monitor their accounts for suspicious activity.
Original NVD description (English source)
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information."

