Description

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

PUBLISHED | Reserved 2026-03-22 | Published 2026-03-22 | Updated 2026-03-23 | Assigner VulnCheck

HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Improper Authorization of Index Containing Sensitive Information

Product status

1.0: affected

Credits

ManhNho (finder)

References

www.exploit-db.com/exploits/46933 (ExploitDB-46933) [exploit]

play.google.com/...s/details?id=com.yieldnotion.equitypandit (Product Reference) [product]

www.vulncheck.com/...insecure-logging-information-disclosure (VulnCheck Advisory: EquityPandit 1.0 Insecure Logging Information Disclosure) [third-party-advisory]

cve.org (CVE-2019-25605)

nvd.nist.gov (CVE-2019-25605)
