CVE-2025-25595
Published: 18 March 2025
Description
Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts.
Security Summary
CVE-2025-25595 is a vulnerability in Safe App version a3.0.9, stemming from a lack of rate limiting on the login page. This flaw enables attackers to perform brute force attacks to bypass authentication mechanisms. The issue is classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts) and carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, and lack of prerequisites.
Exploitation is over the network, requires no privileges, no user interaction and no special access, and has low complexity. A successful brute-force run yields a valid credential and with it access to the application and its data or functions, which the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) scores as high impact on confidentiality, integrity and availability. The attack still has to guess the target account's password; the flaw is that nothing in the application slows, limits or locks out the guessing, so a weak password falls to even a short wordlist.
The referenced sources are a Pastebin post at https://pastebin.com/t8FthPaF and the Google Play Store listing for the affected app at https://play.google.com/store/apps/details?id=com.iitb.cse.arkenstone.safe_v2. The CVE was published on 2025-03-18T17:15:46.203.
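The following is an added illustration of the CWE-307 condition described above and one way to close it; it is example code written for this page, not code from Safe App, and the user store, wordlist, client address and the limiter's thresholds (5 failures per 300 s, 900 s lockout) are constructed assumptions. Both handlers run the same password check; the only difference is whether a client may keep guessing.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque


def hash_password(password: str, salt: bytes) -> bytes:
    # Both handlers use the same PBKDF2 check: the weakness is not in the
    # hash but in how many guesses a client is allowed to make.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed user store for the demo (not real credentials).
SALT = b"constructed-demo-salt"
USERS = {"alice": {"salt": SALT, "hash": hash_password("Summer2024!", SALT)}}
# Dummy record so unknown usernames cost the same hashing time as real ones.
DUMMY = {"salt": SALT, "hash": b"\x00" * 32}


def check_password(users, username, password) -> bool:
    rec = users.get(username, DUMMY)
    return hmac.compare_digest(hash_password(password, rec["salt"]), rec["hash"])


class VulnerableLogin:
    """Mirrors the reported condition: unlimited attempts, no delay, no lockout."""

    def __init__(self, users):
        self.users = users

    def login(self, client_ip, username, password):
        return "ok" if check_password(self.users, username, password) else "denied"


class RateLimitedLogin:
    """Same credential check, plus a sliding-window failure counter keyed on
    (client_ip, username). Reaching max_failures within window_s locks that
    pair out for lockout_s. The lock is enforced before the password is
    checked, so a locked client learns nothing about its guess."""

    def __init__(self, users, max_failures=5, window_s=300, lockout_s=900,
                 clock=time.monotonic):
        self.users = users
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.clock = clock                   # injectable so the lockout can be tested
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lock expires

    def login(self, client_ip, username, password):
        now = self.clock()
        key = (client_ip, username)
        if self.locked_until.get(key, 0.0) > now:
            return "locked"
        recent = self.failures[key]
        while recent and now - recent[0] > self.window_s:   # expire old failures
            recent.popleft()
        if check_password(self.users, username, password):
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout_s
            return "locked"
        return "denied"


def brute_force(service, client_ip, username, candidates):
    """Online password guessing (T1110.001) against a login handler.
    Returns (password_found_or_None, attempts_made)."""
    attempts = 0
    for guess in candidates:
        attempts += 1
        result = service.login(client_ip, username, guess)
        if result == "ok":
            return guess, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


# Constructed wordlist; the valid password is deliberately the last entry.
WORDLIST = ["123456", "password", "qwerty", "letmein", "welcome",
            "Summer2023!", "Summer2024!"]

if __name__ == "__main__":
    print("no limit:", brute_force(VulnerableLogin(USERS), "203.0.113.7", "alice", WORDLIST))
    print("limited: ", brute_force(RateLimitedLogin(USERS), "203.0.113.7", "alice", WORDLIST))
```

Against the unprotected handler the loop recovers the password on the seventh guess; against the limited handler it is locked out after the fifth failure and the correct password is refused until the lock expires. Keying on (client address, account) is only the first layer: a production limiter should also count failures per account across all sources (an attacker rotating addresses) and per source across all accounts (password spraying), and the lockout duration is a trade-off, since a long lock lets an attacker deny service to a legitimate user by guessing badly on purpose.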
Details
- CWE(s): CWE-307 (Improper Restriction of Excessive Authentication Attempts)
Affected Products
- Safe App (com.iitb.cse.arkenstone.safe_v2), version a3.0.9
MITRE ATT&CK Enterprise Techniques
- T1110 Brute Force
- T1110.001 Brute Force: Password Guessing
Why these techniques?
The login page's lack of rate limiting directly enables brute-force attacks (T1110) in the form of password guessing (T1110.001): an attacker can submit guesses until one succeeds and so bypass authentication.