CVE-2025-5154 MEDIUM

CVE-2025-5154: PhonePe App SQLite Database databases cleartext storage in a file or on disk

Vendor N/A
Product PhonePe App
Weakness CWE-313
Published May 25, 2025
Last update May 28, 2025

CVSS base score

4.6/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 25, 2025 CVE published
May 28, 2025 Record updated