Cyber Resilience

CVE-2025-50861

Medium

Published: 14 August 2025

Modified: 15 April 2026
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
EPSS Score: 0.0051 (66.8th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50861 is a medium-severity Improper Access Control (CWE-284) vulnerability in Comlotuscarsdomesticintl (inferred from references). Its CVSS base score is 6.5 (Medium).

Operationally, it is ranked in the top 33.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to application internals and can cause denial of service or logic abuse.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Comlotuscarsdomesticintl
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-284 CWE-400

System audit review detects violations of access controls by identifying unauthorized access attempts.

addresses: CWE-284 CWE-400

The team provides specialized analysis of access-related incidents, enabling quicker identification and response to unauthorized access attempts.

addresses: CWE-284 CWE-400

Explicit security control assessments verify proper access control enforcement, detecting weaknesses that the flaw remediation process then eliminates.

addresses: CWE-284 CWE-400

Resiliency goals and objectives routinely incorporate least-privilege and access-control maintenance under adverse conditions, reducing improper access control.

addresses: CWE-284 CWE-400

Role separation implements access control boundaries between internal and external name resolution services.

addresses: CWE-284 CWE-400

Distribution forces an attacker to compromise multiple independent components rather than a single centralized target, directly reducing the impact of access control failures.

addresses: CWE-284 CWE-400

Directly detects unauthorized local/network/remote connections and system use that result from improper access control.

addresses: CWE-284

The access control policy and procedures directly mandate and enforce proper access control mechanisms across the organization.

References