CVE-2025-56467
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-12
Last updated on: 2025-09-15
Assigner: MITRE
Description
Description
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information."
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis_bank | axis_mobile_app | 9.9 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the AXIS BANK LIMITED Axis Mobile App version 9.9 allows attackers to access sensitive information such as account details, balances, transaction history, and other unspecified data without needing the UPI PIN.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive financial information, potentially resulting in privacy breaches, financial fraud, or identity theft.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70