CVE-2025-25595

Critical

Published: 18 March 2025

Published

18 March 2025

Modified

01 April 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0003 9.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25595 is a critical-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Iitb Safe. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110); ranked at the 9.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and AU-12 (Audit Record Generation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Brute Force (T1110) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-7 Unsuccessful Logon Attempts good match

prevent

Directly enforces limits on consecutive unsuccessful logon attempts and account lockouts to prevent brute force authentication bypass as described in the CVE.

SC-5 Denial-of-service Protection partial match

prevent

Implements denial-of-service protections such as rate limiting to mitigate resource exhaustion from brute force attacks on the login page.

AU-12 Audit Record Generation partial match

detect

Generates audit records for failed logon attempts, enabling detection of brute force activity targeting the login endpoint.

MITRE ATT&CK Enterprise TechniquesAI

T1110 Brute Force Credential Access

Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

attack.mitre.org →

T1110.001 Password Guessing Credential Access

Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts.

attack.mitre.org →

Why these techniques?

Lack of rate limiting on login page directly enables brute force attacks (T1110) via password guessing (T1110.001) to bypass authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack.

Deeper analysisAI

CVE-2025-25595 is a vulnerability in Safe App version a3.0.9, stemming from a lack of rate limiting on the login page. This flaw enables attackers to perform brute force attacks to bypass authentication mechanisms. The issue is classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts) and carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, and lack of prerequisites.

Remote attackers require no privileges, user interaction, or special access to exploit this vulnerability over the network with low complexity. Successful exploitation allows bypassing authentication, potentially granting unauthorized access to the application and its data or functions, resulting in high impacts on confidentiality, integrity, and availability as per the CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Advisories and additional details are referenced in sources including https://pastebin.com/t8FthPaF and the Google Play Store page for the affected app at https://play.google.com/store/apps/details?id=com.iitb.cse.arkenstone.safe_v2. The CVE was published on 2025-03-18T17:15:46.203.