CVE-2025-61120 — HIGH (7.5)

Vulnerability Description

AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force account logins feasible. Successful exploitation could result in account compromise, privacy breaches, and abuse of cloud resources.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-284

References

https://kar1oz.notion.site/AG-Life-Logger-2629a473ecb280c693e7d5d4a99de559

FAQ

What is CVE-2025-61120?

CVE-2025-61120 is a vulnerability with a CVSS score of 7.5 (HIGH). AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic ma...

How severe is CVE-2025-61120?

CVE-2025-61120 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-61120?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.