CVE-2019-25605

HIGH

EquityPandit 1.0 Insecure Logging Information Disclosure

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25605. PoCs published by ManhNho.

AI-analyzed exploit summary This exploit demonstrates an insecure logging vulnerability in EquityPandit v1.0, where sensitive data (passwords) are logged in plaintext and can be captured via ADB logcat. The provided Python script automates the extraction of passwords from logcat output.

Description

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

Exploits (1)

exploitdb WORKING POC

by ManhNho · textlocalandroid

https://www.exploit-db.com/exploits/46933

View Code ZIP pw:eip

This exploit demonstrates an insecure logging vulnerability in EquityPandit v1.0, where sensitive data (passwords) are logged in plaintext and can be captured via ADB logcat. The provided Python script automates the extraction of passwords from logcat output.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EquityPandit v1.0

No auth needed

Prerequisites: ADB access to the target device · EquityPandit app installed on the target device · Victim account credentials for demonstration

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 22, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-46933

https://www.exploit-db.com/exploits/46933

Product product

Product Reference

https://play.google.com/store/apps/details?id=com.yieldnotion.equitypandit

Third Party Advisory third-party-advisory

VulnCheck Advisory: EquityPandit 1.0 Insecure Logging Information Disclosure

https://www.vulncheck.com/advisories/equitypandit-insecure-logging-information-disclosure

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-612

Status published

Products (1)

Play/EquityPandit 1.0

Published Mar 22, 2026

Tracked Since Mar 22, 2026