Improper Authorization in Yahoo! Shopping App for Android
CVE-2025-41408

5.3MEDIUM

Key Information:

Vendor: Ly Corporation
Status: "yahoo! Shopping" App For Android
Vendor: CVE Published:; 5 September 2025

🔔 Create Ly Corporation Vulnerability Alert

What is CVE-2025-41408?

The Yahoo! Shopping App for Android versions before 14.15.0 is susceptible to a vulnerability where improper authorization in the handler for custom URL schemes allows remote unauthenticated attackers to direct users to arbitrary websites. This flaw heightens the risk of phishing attacks, potentially compromising user data and credentials.

Affected Version(s)

"Yahoo! Shopping" App for Android versions prior to 14.15.0

References

https://jvn.jp/en/jp/JVN35290164/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Aug 29, 2025