CVE-2025-61830

{"id": "CVE-2025-61830", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-11-11T19:15:35.130", "references": [{"url": "https://helpx.adobe.com/security/products/pass/apsb25-112.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK."}], "lastModified": "2026-03-31T18:35:05.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:pass_authentication:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "B6B65F1E-38B7-4CB2-A3D9-C6A72D0CAB73", "versionEndExcluding": "3.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}