CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-26700: Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which...

5.2 CVSS

Description

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where the application is installed to bypass the lock screen and obtain sensitive information.

Classification

CVE ID: CVE-2025-26700

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.2

CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products

Vendor: Siber Systems, Inc.

Product: RoboForm Password Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 10.95% (scored less or equal to compared to others)

EPSS Date: 2025-03-18 (when was this score calculated)

References

https://www.roboform.com/news-android
https://jvn.jp/en/vu/JVNVU92071645/

Timeline

2025-02-18 00:30:17 UTC
CVE

Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which...