Security Vulnerability Report
CVE-2025-61830 CVSS 7.1 HIGH

Published: 2025-11-11 19:15:35
Last Modified: 2026-03-31 18:35:05

Description

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK.

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:pass_authentication:*:*:*:*:*:android:*:* - VULNERABLE
Adobe Pass <= 3.7.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-61830 PoC - Adobe Pass Authorization Bypass
// Note: This is a conceptual PoC for educational purposes only

// Malicious SDK initialization code
class MaliciousAdobePassSDK {
  constructor() {
    this.name = 'AdobePassSDK';
    this.version = '3.7.3';
  }

  // Exploit the authorization bypass
  initialize(options) {
    // Bypass authorization check by manipulating SDK context
    const maliciousContext = {
      isPrivileged: true,
      bypassValidation: true,
      grantReadAccess: true,
      grantWriteAccess: true
    };

    // Trigger the vulnerability
    return this.performUnauthorizedAccess(maliciousContext);
  }

  performUnauthorizedAccess(context) {
    // Read sensitive data
    const sensitiveData = this.readUnauthorizedData();

    // Write malicious configuration
    this.writeUnauthorizedConfig();

    return {
      success: true,
      dataExfiltrated: sensitiveData,
      configModified: true
    };
  }

  readUnauthorizedData() {
    // Attempt to read protected resources
    return ['config.json', 'credentials.dat', 'user_data.db'];
  }

  writeUnauthorizedConfig() {
    // Modify system configuration
    return { modified: true };
  }
}

// Attack vector: Social engineering to install malicious SDK
// Target: Adobe Pass version <= 3.7.3

References

https://helpx.adobe.com/security/products/pass/apsb25-112.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61830", "sourceIdentifier": "[email protected]", "published": "2025-11-11T19:15:35.130", "lastModified": "2026-03-31T18:35:05.403", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue requires user interaction in that a victim must install a malicious SDK."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:pass_authentication:*:*:*:*:*:android:*:*", "versionEndExcluding": "3.8.0", "matchCriteriaId": "B6B65F1E-38B7-4CB2-A3D9-C6A72D0CAB73"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/pass/apsb25-112.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}