CVE-2025-7892

5.3 MEDIUM

📋 TL;DR

IDnow App for Android improperly exports application components through its AndroidManifest.xml, which could let a local attacker reach sensitive app functionality. It affects Android users running IDnow App versions up to 9.6.0. Exploitation requires local access to the device.

💻 Affected Systems

Products:
  • IDnow App
Versions: up to 9.6.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the de.idnow component specifically; requires Android device with vulnerable app version installed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains unauthorized access to sensitive app components, potentially accessing user verification data or performing actions within the app context.

🟠

Likely Case

Local malware or malicious apps could exploit this to interact with IDnow App components, potentially accessing limited app functionality or user data.

🟢

If Mitigated

With proper Android security controls and app sandboxing, impact is limited to the app's own data and functionality.

🌐 Internet-Facing: LOW - Requires local device access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local access required, but could be exploited by malware or malicious apps on compromised devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit disclosed publicly on GitHub; requires local access to device; vendor unresponsive to disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Monitor the vendor for updates to IDnow App beyond version 9.6.0.

🔧 Temporary Workarounds

Uninstall vulnerable app

android

Remove IDnow App version 9.6.0 or earlier from Android devices

adb uninstall de.idnow

Restrict app permissions

android

Limit app permissions in Android settings to minimum required

🧯 If You Can't Patch

  • Isolate devices with vulnerable app from sensitive networks
  • Implement mobile device management (MDM) controls to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Android device for IDnow App version 9.6.0 or earlier in Settings > Apps

Check Version:

adb shell dumpsys package de.idnow | grep versionName

Verify Fix Applied:

Verify IDnow App version is greater than 9.6.0 or app is uninstalled
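
The version check above can be scripted for several attached devices. The following is an added example, not vendor or project code: the function names, the `--scan` switch and the sample dumpsys lines are constructed for illustration, and the version is compared field by field so that 9.10.x is not mistaken for a release older than 9.6.0.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
PKG="de.idnow"
LAST_AFFECTED="9.6.0"   # advisory: versions up to 9.6.0 are affected

# version_le A B: succeed when dotted numeric version A <= B.
# Missing or non-numeric fields compare as 0 (so 9.6 == 9.6.0).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# classify_idnow: read `dumpsys package` output on stdin, print a verdict.
classify_idnow() {
    ver=$(sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif version_le "$ver" "$LAST_AFFECTED"; then
        echo "affected $ver"
    else
        echo "above-range $ver"
    fi
}

# scan_attached_devices: run the check on every device adb reports as ready.
scan_attached_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        verdict=$(adb -s "$serial" shell dumpsys package "$PKG" </dev/null | classify_idnow)
        echo "$serial $verdict"
    done
}

# Constructed sample of the relevant dumpsys lines, for an offline run.
SAMPLE='    versionCode=960 minSdk=24 targetSdk=33
    versionName=9.6.0'
printf '%s\n' "$SAMPLE" | classify_idnow    # prints: affected 9.6.0

if [ "${1:-}" = "--scan" ]; then scan_attached_devices; fi
```

A verdict of `above-range` only means the installed version is outside the range listed here; no patched version is identified on this page.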

📡 Detection & Monitoring

Log Indicators:

  • Unusual activity in IDnow App logs
  • Unauthorized component access attempts

Network Indicators:

  • None - local vulnerability only

SIEM Query:

app:"IDnow" AND version:"<=9.6.0" AND event_type:"security_violation"
