CVE-2019-25605 HIGH

CVE-2019-25605: EquityPandit 1.0 Insecure Logging Information Disclosure

Vendor Play
Product EquityPandit
Weakness CWE-612
Published March 22, 2026
Last update March 23, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

Key dates

02Disclosure timeline

March 22, 2026 CVE published
March 23, 2026 Record updated