CVE-2019-25605

HIGH

EquityPandit 1.0 Insecure Logging Information Disclosure

Title source: cna

Description

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.

Exploits (1)

exploitdb WORKING POC
by ManhNho · textlocalandroid
https://www.exploit-db.com/exploits/46933

Scores

CVSS v3 7.5
EPSS 0.0004
EPSS Percentile 13.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-612
Status published
Products (1)
Play/EquityPandit 1.0
Published Mar 22, 2026
Tracked Since Mar 22, 2026