Vulnerability Description
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Axon 30 Firmware | < 3.0.0b06 |
| Zte | Axon 30 | - |
| Zte | Axon 40 Pro Firmware | < 1.0.0b16 |
| Zte | Axon 40 Pro | - |
| Zte | Axon 40 Ultra Firmware | < 2.0.0b17 |
| Zte | Axon 40 Ultra | - |
| Zte | Nubia Z50 Firmware | < 1.0.0b19mr |
| Zte | Nubia Z50 | - |
Related Weaknesses (CWE)
References
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264Vendor Advisory
- https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264Vendor Advisory
FAQ
What is CVE-2023-25647?
CVE-2023-25647 is a vulnerability with a CVSS score of 4.7 (MEDIUM). There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
How severe is CVE-2023-25647?
CVE-2023-25647 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25647?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Axon 30 Firmware, Zte Axon 30, Zte Axon 40 Pro Firmware, Zte Axon 40 Pro, Zte Axon 40 Ultra Firmware.