CVE-2025-1879: i-Drive i11/i12 APK hard-coded credentials

2.4 CVSS

Description

A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. Eine problematische Schwachstelle wurde in i-Drive i11 and i12 bis 20250227 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente APK. Mittels dem Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus.

Classification

CVE ID: CVE-2025-1879

CVSS Base Severity: LOW

CVSS Base Score: 2.4

CVSS Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

Hard-coded Credentials Use of Hard-coded Password

Affected Products

Vendor: i-Drive, i-Drive

Product: i11, i12

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.53% (scored less or equal to compared to others)

EPSS Date: 2025-04-01 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1879
https://vuldb.com/?id.298193
https://vuldb.com/?ctiid.298193
https://vuldb.com/?submit.510950
https://github.com/geo-chen/i-Drive

Timeline