Vulnerabilites related to Union Bank of India - Vyom
CVE-2025-0575 (GCVE-0-2025-0575)
Vulnerability from cvelistv5
Published
2025-01-19 23:00
Modified
2025-01-21 15:04
Severity ?
1.8 (Low) - CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
3.9 (Low) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
3.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
3.9 (Low) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-693 - Protection Mechanism Failure
Summary
A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.292540 | vdb-entry | |
| https://vuldb.com/?ctiid.292540 | signature, permissions-required | |
| https://vuldb.com/?submit.475733 | third-party-advisory | |
| https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Union Bank of India | Vyom |
Version: 8.0.34 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0575",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T15:03:36.184822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T15:04:02.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Rooting Detection"
],
"product": "Vyom",
"vendor": "Union Bank of India",
"versions": [
{
"status": "affected",
"version": "8.0.34"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mustafa_alotwala (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Union Bank of India Vyom 8.0.34 f\u00fcr Android wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente Rooting Detection. Mittels Manipulieren mit unbekannten Daten kann eine protection mechanism failure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.4,
"vectorString": "AV:L/AC:H/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-19T23:00:11.533Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-292540 | Union Bank of India Vyom Rooting Detection protection mechanism",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.292540"
},
{
"name": "VDB-292540 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.292540"
},
{
"name": "Submit #475733 | union bank of india Vyom 8.0.34 Missing Immutable Root of Trust in Hardware",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.475733"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1kIXsZoD1FFps0bXQ1pbrfoo76Wy1pL7s/view?usp=drivesdk"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-19T09:13:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Union Bank of India Vyom Rooting Detection protection mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0575",
"datePublished": "2025-01-19T23:00:11.533Z",
"dateReserved": "2025-01-19T08:08:42.167Z",
"dateUpdated": "2025-01-21T15:04:02.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}