All the vulnerabilites related to Bharti Airtel - Thanks App
cve-2025-6748
Vulnerability from cvelistv5
Published
2025-06-27 01:31
Modified
2025-06-27 13:44
Severity ?
EPSS score ?
Summary
Bharti Airtel Thanks App files cleartext storage in a file or on disk
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314046 | vdb-entry | |
| https://vuldb.com/?ctiid.314046 | signature, permissions-required | |
| https://vuldb.com/?submit.598122 | third-party-advisory | |
| https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data | related | |
| https://drive.google.com/file/d/1atnjssBq4tHeofoIDbWRH32z9rvA9jez/view?usp=sharing | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Bharti Airtel | Thanks App |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T13:44:18.080221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:44:33.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Thanks App",
"vendor": "Bharti Airtel",
"versions": [
{
"status": "affected",
"version": "4.105.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "honest_corrupt (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Bharti Airtel Thanks App 4.105.4 f\u00fcr Android entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /Android/data/com.myairtelapp/files/. Durch das Manipulieren mit unbekannten Daten kann eine cleartext storage in a file or on disk-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T01:31:06.283Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314046 | Bharti Airtel Thanks App files cleartext storage in a file or on disk",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.314046"
},
{
"name": "VDB-314046 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314046"
},
{
"name": "Submit #598122 | Airtel (Bharti Airtel Limited) Airtel Thanks App 4.105.4 Insecure Local Storage (OWASP Mobile Top 10: M2, M5)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.598122"
},
{
"tags": [
"related"
],
"url": "https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1atnjssBq4tHeofoIDbWRH32z9rvA9jez/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-26T22:07:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bharti Airtel Thanks App files cleartext storage in a file or on disk"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6748",
"datePublished": "2025-06-27T01:31:06.283Z",
"dateReserved": "2025-06-26T20:02:31.752Z",
"dateUpdated": "2025-06-27T13:44:33.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}