Payment Authorization Bypass in CSC Pay Mobile App by CSC Software
CVE-2025-46018

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 1 August 2025

What is CVE-2025-46018?

The CSC Pay Mobile App version 2.19.4 is susceptible to a vulnerability that enables attackers to bypass payment authorization processes. By disabling Bluetooth at a critical moment during a transaction, malicious users could exploit this flaw to gain unauthorized access to laundry services, potentially leading to significant monetary losses. It is crucial for users to update to version 2.20.0 to mitigate this security risk.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
