CVE-2025-50862

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-50862
The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
http://comlotuscarsdomesticintl.com
http://lotus.com
https://github.com/JackSessions/Jack-Sessions-CVEs/tree/main
Configurations

No configuration.

History

No history.

Information

Published : 2025-08-14 20:15

Updated : 2025-08-18 19:15

NVD link : CVE-2025-50862

Mitre link : CVE-2025-50862

CVE.ORG link : CVE-2025-50862

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor