CVE Catalog

CVE-2025-57197

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

In the Payeer Android application version 2.5.0, an improper access control vulnerability exists in the PIN change authentication flow. A local attacker with root access can dynamically instrument the app to bypass the current PIN verification and directly modify the authentication PIN. This allows unauthorized users to change the PIN without knowing the original/current PIN.

Risk Assessment

The risk is that an attacker with physical device access and root privileges can take over the Payeer account by changing the authentication PIN, potentially leading to fund theft or unauthorized transactions.

Recommendation

It is recommended to immediately update the Payeer app to the latest version that fixes this vulnerability. Until then, avoid using the app on rooted devices and enable additional security measures such as multi-factor authentication.

Original NVD description (English source)

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS