CVE-2025-21615 MEDIUM

CVE-2025-21615: AAT allows data exfiltration by other apps installed on the same device

Vendor Bailuk
Product AAT
Weakness CWE-200 · Info exposure
Published January 6, 2025
Last update January 6, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.

Key dates

02Disclosure timeline

January 6, 2025 CVE published
January 6, 2025 Record updated