CVE-2025-46018

{"id": "CVE-2025-46018", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-08-01T14:15:35.260", "references": [{"url": "https://github.com/niranjangaire1995/CVE-2025-46018-CSC-Pay-Mobile-App-Payment-Authentication-Bypass", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cscsw.com/disclosure-process/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss."}, {"lang": "es", "value": "CSC Pay Mobile App 2.19.4 (corregida en la versi\u00f3n 2.20.0) contiene una vulnerabilidad que permite a los usuarios eludir la autorizaci\u00f3n de pago desactivando el Bluetooth en un momento espec\u00edfico durante la transacci\u00f3n. Esto podr\u00eda resultar en el uso no autorizado de los servicios de lavander\u00eda y posibles p\u00e9rdidas econ\u00f3micas."}], "lastModified": "2025-10-14T13:36:46.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cscsw:pay_mobile:2.19.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "348C8116-5081-42BD-A756-26D29AD84247"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}