CVE-2025-57197
MediumCVSS 6.0Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Payeer Android application version 2.5.0, an improper access control vulnerability exists in the PIN change authentication flow. A local attacker with root access can dynamically instrument the app to bypass the current PIN verification and directly modify the authentication PIN. This allows unauthorized users to change the PIN without knowing the original/current PIN.
Risk Assessment
The risk is that an attacker with physical device access and root privileges can take over the Payeer account by changing the authentication PIN, potentially leading to fund theft or unauthorized transactions.
Recommendation
It is recommended to immediately update the Payeer app to the latest version that fixes this vulnerability. Until then, avoid using the app on rooted devices and enable additional security measures such as multi-factor authentication.
Original NVD description (English source)
In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN.

