CVE-2025-61118

Published: Oct 30, 2025Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data and groups. Successful exploitation could result in fake account creation, privacy breaches, and misuse of the platform.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://kar1oz.notion.site/mCarFix-Motorists-App-2629a473ecb280ac8679c73098423cf0

Source: cve@mitre.org

Timeline

No history available yet.