Detections
Analytics

CVE-2019-25605

high

Description

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

References

https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure

https://www.exploit-db.com/exploits/46933

https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit

Details

Source: Mitre, NVD

Published: 2026-03-22

Updated: 2026-03-22

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High