CVE-2025-56608 — MEDIUM (4.2)

Vulnerability Description

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions. This makes the authentication mechanism vulnerable to replay, spoofing, or brute-force attacks, potentially leading to unauthorized access. The vulnerability corresponds to CWE-327 and aligns with OWASP M5: Insufficient Cryptography and MASVS MSTG-CRYPTO-4.

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Donbermoy	Android Corona Virus Tracker App For India	1.0

Related Weaknesses (CWE)

CWE-290

References

https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-CryptograTechnical Description
https://github.com/anonaninda/Aninda-security-advisories/blob/main/CVE-2025-5660Third Party Advisory
https://www.sourcecodester.com/android/14292/android-corona-virus-tracker-app-inProduct

FAQ

What is CVE-2025-56608?

CVE-2025-56608 is a vulnerability with a CVSS score of 4.2 (MEDIUM). The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getIn...

How severe is CVE-2025-56608?

CVE-2025-56608 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-56608?

Check the references section above for vendor advisories and patch information. Affected products include: Donbermoy Android Corona Virus Tracker App For India.