Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-15385

Summary
Assigner-TECNOMobile
Assigner Org ID-907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Published At-06 Jan, 2026 | 01:39
Updated At-06 Jan, 2026 | 19:00
Rejected At-
Credits

Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TECNOMobile
Assigner Org ID:907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Published At:06 Jan, 2026 | 01:39
Updated At:06 Jan, 2026 | 19:00
Rejected At:
▼CVE Numbering Authority (CNA)

Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.

Affected Products
Vendor
TECNO Mobile
Product
com.afmobi.boomplayer
Default Status
unaffected
Versions
Affected
  • 7.4.63
Problem Types
TypeCWE IDDescription
CWECWE-345CWE-345 Insufficient Verification of Data Authenticity
Type: CWE
CWE ID: CWE-345
Description: CWE-345 Insufficient Verification of Data Authenticity
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.tecno.com/SRC/securityUpdates
N/A
Hyperlink: https://security.tecno.com/SRC/securityUpdates
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Published At:06 Jan, 2026 | 02:15
Updated At:30 Jan, 2026 | 01:13

Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
TECNO MOBILE LIMITED
tecno
>>boomplay>>Versions up to 7.4.63(inclusive)
cpe:2.3:a:tecno:boomplay:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-345Secondary907edf6c-bf03-423e-ab1a-8da27e1aa1ea
CWE ID: CWE-345
Type: Secondary
Source: 907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.tecno.com/SRC/securityUpdates907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Vendor Advisory
Hyperlink: https://security.tecno.com/SRC/securityUpdates
Source: 907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

52Records found
CVE-2020-14115
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-9.8||CRITICAL
EPSS-0.74% / 72.45%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 15:33
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.

Action-Not Available
Vendor-n/aXiaomi
Product-ax3600_firmwareax3600Xiaomi Router AX3600
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-36134
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.47%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

Action-Not Available
Vendor-n/aPHPJabbers Ltd.
Product-class_scheduling_systemn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
  • Previous
  • 1
  • 2
  • Next
Details not found