CVE-2025-21615
MEDIUMAAT < 1.26 - Unauthorized Data Exfiltration via Malicious App
Title source: llmDescription
AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/bailuk/AAT/security/advisories/GHSA-pwpm-x58v-px5c
Scores
CVSS v3
5.5
EPSS
0.0017
EPSS Percentile
6.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
bailuk/AAT
< 1.26
Published
Jan 06, 2025
Tracked Since
Feb 18, 2026