CNNVD-202510-4210 Information

Oct 30, 2025 cve

CNNVD ID

CNNVD-202510-4210

CVE-2025-61118

CNNVD Published: 2025-10-30

Description (Chinese)

mCarFix Motorists App是肯尼亚mCarFix公司的一个面向机动车主的综合服务应用。 mCarFix Motorists App 2.3版本存在安全漏洞，该漏洞源于访问控制不当，攻击者可能绕过验证随意注册账户，并通过篡改顺序数字ID未经授权访问用户数据和群组，可能导致虚假账户创建、隐私泄露和平台滥用。

Description (English)

mCarFix Motorists App is an integrated service application for motor vehicle owners of mCarFix in Kenya. mCarFix Motorists App 2.3 has a security loophole, which stems from inadequate access controls, the possibility that the assailants will bypass the verification of randomly registered accounts and unauthorized access to user data and groups by tampering with sequenced digital ID, which may lead to the creation of false accounts, disclosure of privacy and misuse of platforms.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

mCarFix

Published

2025-10-30

Last Modified

2026-02-24

References

https://kar1oz.notion.site/mCarFix-Motorists-App-2629a473ecb280ac8679c73098423cf0 https://access.redhat.com/security/cve/cve-2025-61118

Share on: