Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-7703

Summary
Assigner-TECNOMobile
Assigner Org ID-907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Published At-16 Jul, 2025 | 09:13
Updated At-17 Jul, 2025 | 15:03
Rejected At-
Credits

Authentication vulnerability in the mobile application(tech.palm.id)may lead to the risk of information leakage.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TECNOMobile
Assigner Org ID:907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Published At:16 Jul, 2025 | 09:13
Updated At:17 Jul, 2025 | 15:03
Rejected At:
▼CVE Numbering Authority (CNA)

Authentication vulnerability in the mobile application(tech.palm.id)may lead to the risk of information leakage.

Affected Products
Vendor
TECNO MOBILE LIMITEDTECNO
Product
tech.palm.id
Default Status
unaffected
Versions
Affected
  • 2.5.0.65
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Type: CWE
CWE ID: CWE-287
Description: CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.tecno.com/SRC/blogdetail/428?lang=en_US
N/A
https://security.tecno.com/SRC/securityUpdates
N/A
Hyperlink: https://security.tecno.com/SRC/blogdetail/428?lang=en_US
Resource: N/A
Hyperlink: https://security.tecno.com/SRC/securityUpdates
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Published At:16 Jul, 2025 | 09:15
Updated At:17 Jul, 2025 | 15:15

Authentication vulnerability in the mobile application(tech.palm.id)may lead to the risk of information leakage.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.1LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-287Secondary907edf6c-bf03-423e-ab1a-8da27e1aa1ea
CWE ID: CWE-287
Type: Secondary
Source: 907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.tecno.com/SRC/blogdetail/428?lang=en_US907edf6c-bf03-423e-ab1a-8da27e1aa1ea
N/A
https://security.tecno.com/SRC/securityUpdates907edf6c-bf03-423e-ab1a-8da27e1aa1ea
N/A
Hyperlink: https://security.tecno.com/SRC/blogdetail/428?lang=en_US
Source: 907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Resource: N/A
Hyperlink: https://security.tecno.com/SRC/securityUpdates
Source: 907edf6c-bf03-423e-ab1a-8da27e1aa1ea
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2025-6172
Matching Score-6
Assigner-TECNO Mobile Limited
ShareView Details
Matching Score-6
Assigner-TECNO Mobile Limited
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 19.40%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 08:41
Updated-16 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.

Action-Not Available
Vendor-TECNO MOBILE LIMITED
Product-com.afmobi.boomplayer
CWE ID-CWE-287
Improper Authentication
CVE-2024-12603
Matching Score-6
Assigner-TECNO Mobile Limited
ShareView Details
Matching Score-6
Assigner-TECNO Mobile Limited
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.52%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 02:54
Updated-14 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.

Action-Not Available
Vendor-TECNO MOBILE LIMITED
Product-com.transsion.applock
CWE ID-CWE-287
Improper Authentication
CVE-2025-1298
Matching Score-6
Assigner-TECNO Mobile Limited
ShareView Details
Matching Score-6
Assigner-TECNO Mobile Limited
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.53%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 07:40
Updated-18 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.

Action-Not Available
Vendor-TECNO MOBILE LIMITED
Product-com.transsion.carlcare
CWE ID-CWE-287
Improper Authentication
CVE-2024-3701
Matching Score-6
Assigner-TECNO Mobile Limited
ShareView Details
Matching Score-6
Assigner-TECNO Mobile Limited
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.77%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 07:56
Updated-17 Jun, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication in com.transsion.kolun.aiservice

The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services.

Action-Not Available
Vendor-TECNO MOBILE LIMITED
Product-hioscom.transsion.kolun.aiservicehios
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-39890
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-06 Dec, 2021 | 17:34
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-287
Improper Authentication
Details not found