Improper Export in IDnow App for Android by IDnow
CVE-2025-7892

4.8MEDIUM

Key Information:

Vendor

IDnow

Status
Idnow App
Vendor
CVE Published:
20 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7892?

A vulnerability has been identified in the IDnow App for Android, specifically in the AndroidManifest.xml file associated with the component de.idnow. This flaw allows for the improper export of Android application components, potentially exposing sensitive information or leading to unauthorized access. The attack requires local access, making it reliant on physical proximity to the device. As the exploit has been disclosed publicly, it could be leveraged if the necessary precautions are not taken. Despite early communication regarding this issue, the vendor has not provided a response.

Affected Version(s)

IDnow App 9.0

IDnow App 9.1

IDnow App 9.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7892 - Proof of Concept

References

https://vuldb.com/?id.317007
vdb-entry
https://vuldb.com/?ctiid.317007
signaturepermissions-required
https://vuldb.com/?submit.615279
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

fxizenta (VulDB User)
.
CVE-2025-7892 : Improper Export in IDnow App for Android by IDnow