CVE-2025-2190
Published: 11 March 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-2190 is a man-in-the-middle (MITM) attack vulnerability affecting the mobile application com.transsnet.store, which may lead to code injection risks. Published on 2025-03-11, the issue is classified under CWE-297 and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential impacts on confidentiality, integrity, and availability.
The vulnerability enables exploitation over a network by an unauthenticated attacker with no required privileges or user interaction, though it demands high attack complexity, such as positioning for MITM interception. Successful attacks could allow code injection, compromising the application's security and potentially leading to arbitrary code execution on affected devices.
Mitigation guidance and further details are available in advisories from Tecno Security Response Center at https://security.tecno.com/SRC/blogdetail/393?lang=en_US and https://security.tecno.com/SRC/securityUpdates.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is explicitly described as a MITM attack that enables code injection and arbitrary code execution in the client app, which maps to Adversary-in-the-Middle and Exploitation for Client Execution.