CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-15385

CVSS 9.8v3.1pub. 2026-01-06upd. 2026-01-30

Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.

🤖 AI Analysis
How it works

The vulnerability results from insufficient verification of data authenticity (CWE-345) in the com.Afmobi.Boomplayer application version 7.4.63. A remote attacker, without authentication and without user interaction, can provide crafted data that is not properly verified for authenticity. As a result, the authentication mechanism is bypassed, and the attacker gains unauthorized access to protected functions or application resources.

Impact

An attacker can gain unauthorized access to application resources, potentially leading to confidentiality breach, data modification, or service disruption without possessing any permissions.

Mitigation & patch

Update the Boomplay application to a version higher than 7.4.63. Detailed information about available patches can be found on the manufacturer's website: https://security.tecno.com/SRC/securityUpdates

Who is affected

Boomplay application (com.Afmobi.Boomplayer) version 7.4.63 on Android platform (TECNO Mobile).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tecno Boomplay

    APP
    Tecno
    ≤ 7.4.63
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-3701CRITICAL9.8PL ✓ten sam vendor

Brak uwierzytelnienia w aplikacji systemowej Tecno HiOS (com.transsion.kolun.aiservice)

CVE-2025-3698HIGH7.5ten sam vendor

Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information l...

CVE-2025-2190HIGH8.1ten sam vendor

The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to c...

CVE-2019-15417HIGH7.8ten sam vendor

The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N...

CVE-2025-9056MEDIUM5.3ten sam vendor

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthori...