CVE-2023-25647 MEDIUM

CVE-2023-25647: Permission and Access Control Vulnerability in Some ZTE Mobile Phones

Vendor Zte
Product Some ZTE Mobile Phones
Weakness CWE-269
Published August 17, 2023
Last update October 1, 2024

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.

Key dates

02Disclosure timeline

August 17, 2023 CVE published
October 1, 2024 Record updated