CVE-2025-61114 — HIGH (7.5)

Vulnerability Description

2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the user_token, enabling attackers to brute force tokens and perform unauthorized queries on other user accounts. Successful exploitation could result in privacy breaches and unauthorized access to user data.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-284

References

https://kar1oz.notion.site/2nd-Line-2629a473ecb280739ecac2d316da666c

FAQ

What is CVE-2025-61114?

CVE-2025-61114 is a vulnerability with a CVSS score of 7.5 (HIGH). 2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. ...

How severe is CVE-2025-61114?

CVE-2025-61114 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-61114?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.