Cyber Posture

CVE-2025-0590

High

Published: 20 January 2025

Modified: 15 April 2026
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0014 (34.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk.

Security Summary

CVE-2025-0590 involves improper permission settings in the com.transsion.carlcare mobile application, which may lead to an information leakage risk. This vulnerability, published on 2025-01-20, is linked to CWE-732 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no effects on integrity or availability.

The vulnerability can be exploited by a remote, unauthenticated attacker over the network with low attack complexity and no user interaction required. Successful exploitation allows the attacker to access sensitive information stored or handled by the affected application, resulting in unauthorized data disclosure.

Mitigation details are available in advisories from the Tecno Security Response Center, including the specific blog post at https://security.tecno.com/SRC/blogdetail/381?lang=en_US and the security updates page at https://security.tecno.com/SRC/securityUpdates.

Details

CWE(s): CWE-732
