CVE-2025-61114

HIGH

2nd Line Android App <v1.2.92 - Info Disclosure

Title source: llm

Description

2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the user_token, enabling attackers to brute force tokens and perform unauthorized queries on other user accounts. Successful exploitation could result in privacy breaches and unauthorized access to user data.

References (1)

Core 1

Core References

Various Sources

https://kar1oz.notion.site/2nd-Line-2629a473ecb280739ecac2d316da666c

Scores

CVSS v3 7.5

EPSS 0.0030

EPSS Percentile 21.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Published Oct 30, 2025

Tracked Since Feb 18, 2026