CVE-2025-52294
📋 TL;DR
This vulnerability allows physically proximate attackers to bypass the screen lock mechanism in Trust Wallet v8.45 and view wallet balances without authentication. It affects mobile users who have the vulnerable version installed and leave their devices unattended. The attack requires physical access to the device.
💻 Affected Systems
- Trust Wallet
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains unauthorized access to view cryptocurrency balances and potentially initiate transactions if other authentication mechanisms are also bypassed.
Likely Case
Unauthorized viewing of wallet balances, exposing financial information and potentially enabling social engineering or targeted attacks.
If Mitigated
Limited information disclosure with no transaction capability if proper PIN/biometric authentication remains intact for transactions.
🎯 Exploit Status
The exploit requires physical device access and specific timing/sequence to bypass screen lock. Technical details are publicly available in the reference link.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v8.46 or later
Vendor Advisory: https://pastebin.com/3K4kt713
Restart Required: No
Instructions:
1. Open your device's app store (Google Play Store or Apple App Store).
2. Search for Trust Wallet.
3. If an update is available, tap Update.
4. Ensure version is 8.46 or higher.
🔧 Temporary Workarounds
Enable Additional Authentication
Enable biometric authentication (fingerprint/face ID) in addition to screen lock for wallet access.
Physical Security Controls
Never leave the device unattended in public spaces, enable auto-lock with a short timeout, and use device encryption.
🧯 If You Can't Patch
- Uninstall Trust Wallet v8.45 and use alternative wallet software
- Keep device physically secured at all times and never leave unattended
🔍 How to Verify
Check if Vulnerable:
Open Trust Wallet, go to Settings > About, check if version is exactly 8.45.
Check Version:
Not applicable - check version in app settings
Verify Fix Applied:
Update to version 8.46 or higher via app store, then verify screen lock properly prevents unauthorized access.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed screen lock attempts followed by successful wallet access
- Unusual wallet access patterns without authentication events
Network Indicators:
- None - this is a local physical vulnerability
SIEM Query:
Not applicable for this local physical access vulnerability