CVE-2025-45080

Published Jul 1, 2025

Last updated 5 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-45080 is a vulnerability found in the YONO SBI: Banking & Lifestyle app, version 1.23.36. The application uses unencrypted communications, which could allow attackers to perform man-in-the-middle (MITM) attacks. This vulnerability arises from the app transmitting sensitive banking and lifestyle data without encryption, exposing it to interception and manipulation. The vulnerability is due to the `android:usesCleartextTraffic="true"` setting in the application's manifest file. This setting permits the app to transmit data via unencrypted HTTP, even though Android OS security best practices typically disallow cleartext traffic by default. This can be exploited on public Wi-Fi or compromised networks, where attackers can observe or alter HTTP traffic, potentially compromising user login credentials, personal details, and financial transactions.
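A defensive check for the manifest setting described above, as an added example (not code from the advisory or the app vendor). It assumes the manifest has already been decoded to text XML; the package name and sample manifests are constructed, and audit_cleartext is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return None if elem is None else elem.get(f"{{{ANDROID_NS}}}{name}")

def audit_cleartext(manifest_xml):
    """Return findings about cleartext (HTTP) traffic for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    flag = _attr(app, "usesCleartextTraffic")
    nsc = _attr(app, "networkSecurityConfig")
    target = _attr(root.find("uses-sdk"), "targetSdkVersion")
    findings = []
    if flag == "true":
        findings.append("usesCleartextTraffic is explicitly true: HTTP allowed")
    elif flag is None and target is None:
        findings.append("flag unset and targetSdkVersion unknown: check build config")
    elif flag is None and int(target) < 28:
        # The platform default permits cleartext for apps targeting API 27 or lower.
        findings.append(f"flag unset, targetSdkVersion {target}: HTTP allowed by default")
    if nsc and findings:
        # On API 24+ a network security config takes precedence over the attribute.
        findings.append(f"review {nsc}: it overrides the manifest flag on API 24+")
    return findings

# Constructed sample manifests (placeholder package name, not the real app's files).
_HEAD = f'<manifest xmlns:android="{ANDROID_NS}" package="com.example.bank">'
WEAK = _HEAD + """
  <uses-sdk android:targetSdkVersion="33"/>
  <application android:usesCleartextTraffic="true"/>
</manifest>"""
HARDENED = _HEAD + """
  <uses-sdk android:targetSdkVersion="33"/>
  <application android:usesCleartextTraffic="false"/>
</manifest>"""
LEGACY = _HEAD + """
  <uses-sdk android:targetSdkVersion="27"/>
  <application android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, audit_cleartext(doc) or "no cleartext findings")
```

The hardened sample shows the corrected setting: `android:usesCleartextTraffic="false"`.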

Description: YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communications, possibly allowing attackers to execute a man-in-the-middle attack.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-319
