CVE-2025-56608

MEDIUM EPSS 21.3%
Published Sep 3, 20259mo ago · Modified Jun 17, 20261w ago
4.2 CVSS 3.1
Medium
Find Similar
Published Sep 3, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions. This makes the authentication mechanism vulnerable to replay, spoofing, or brute-force attacks, potentially leading to unauthorized access. The vulnerability corresponds to CWE-327 and aligns with OWASP M5: Insufficient Cryptography and MASVS MSTG-CRYPTO-4.

CVSS Details

Base Score
4.2
Exploitability
1.6
Impact
2.5
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
21.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-290

Affected Products 1

VendorProductVersionRange
donbermoyandroid_corona_virus_tracker_app_for_india1.0any

References 3

  • github.com https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
    Technical Description
  • github.com https://github.com/anonaninda/Aninda-security-advisories/blob/main/CVE-2025-56608.md
    Third Party Advisory
  • sourcecodester.com https://www.sourcecodester.com/android/14292/android-corona-virus-tracker-app-india-using-b4a.html
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.