CVE-2025-61120

HIGH

AG Life Logger Android App <1.0.2.72 - Info Disclosure

Title source: llm

Description

AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force account logins feasible. Successful exploitation could result in account compromise, privacy breaches, and abuse of cloud resources.

References (1)

Core 1

Core References

Various Sources

https://kar1oz.notion.site/AG-Life-Logger-2629a473ecb280c693e7d5d4a99de559

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 15.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Published Oct 30, 2025

Tracked Since Feb 18, 2026