CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21615: AAT allows data exfiltration by other apps installed on the same device

5.5 CVSS

Description

AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.

Classification

CVE ID: CVE-2025-21615

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

Affected Products

Vendor: bailuk

Product: AAT

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://github.com/bailuk/AAT/security/advisories/GHSA-pwpm-x58v-px5c

Timeline

2025-01-07 00:30:51 UTC
CVE

AAT allows data exfiltration by other apps installed on the same device