All the vulnerabilites related to Gift Pad Co.,Ltd. - "region PAY" App for Android
cve-2025-52580
Vulnerability from cvelistv5
Published
2025-07-22 04:49
Modified
2025-07-22 15:36
Severity ?
EPSS score ?
Summary
Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jvn.jp/en/jp/JVN07825095/ |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Gift Pad Co.,Ltd. | "region PAY" App for Android |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T15:19:47.477187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:36:00.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\"region PAY\" App for Android",
"vendor": "Gift Pad Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 1.5.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file issue exists in \"region PAY\" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of sensitive information into log file",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T04:49:33.459Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN07825095/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-52580",
"datePublished": "2025-07-22T04:49:33.459Z",
"dateReserved": "2025-07-15T01:02:40.018Z",
"dateUpdated": "2025-07-22T15:36:00.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2025-000050
Vulnerability from jvndb
Published
2025-07-22 13:33
Modified
2025-07-22 13:33
Severity ?
Summary
"region PAY" App for Android vulnerable to insertion of sensitive information into log file
Details
"region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability.
<ul><li>Insertion of sensitive information into log file (CWE-532) - CVE-2025-52580</li></ul>
Kubo Naoki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN07825095/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-52580 | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Gift Pad Co.,Ltd. | "region PAY" App for Android |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000050.html",
"dc:date": "2025-07-22T13:33+09:00",
"dcterms:issued": "2025-07-22T13:33+09:00",
"dcterms:modified": "2025-07-22T13:33+09:00",
"description": "\"region PAY\" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eInsertion of sensitive information into log file (CWE-532) - CVE-2025-52580\u003c/li\u003e\u003c/ul\u003e\r\nKubo Naoki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000050.html",
"sec:cpe": {
"#text": "cpe:/a:misc:giftpad_region_pay",
"@product": "\"region PAY\" App for Android",
"@vendor": "Gift Pad Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000050",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN07825095/index.html",
"@id": "JVN#07825095",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-52580",
"@id": "CVE-2025-52580",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "\"region PAY\" App for Android vulnerable to insertion of sensitive information into log file"
}