CVE-2023-25647: Permission and Access Control Vulnerability in Some ZTE Mobile Phones
First published: Thu Aug 17 2023(Updated: )
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZTE Axon 30 Firmware | <3.0.0b06 | |
| ZTE Axon 30 Firmware | ||
| ZTE Axon 40 Pro | <1.0.0b16 | |
| ZTE Axon 40 Pro | ||
| ZTE Axon 40 Ultra | <2.0.0b17 | |
| ZTE Axon 40 Ultra Firmware | ||
| Zte Nubia Z50 | <1.0.0b19mr | |
| Zte Nubia Z50 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-25647?
CVE-2023-25647 is a permission and access control vulnerability found in some ZTE mobile phones.
How does CVE-2023-25647 affect ZTE Axon 30 Firmware?
CVE-2023-25647 affects ZTE Axon 30 Firmware up to version 3.0.0b06.
Is ZTE Axon 30 affected by CVE-2023-25647?
No, ZTE Axon 30 is not affected by CVE-2023-25647.
What is the severity of CVE-2023-25647?
CVE-2023-25647 has a severity rating of 3.3 (medium).
How can I fix CVE-2023-25647 in ZTE Axon 30 Firmware?
To fix CVE-2023-25647 in ZTE Axon 30 Firmware, update to a version beyond 3.0.0b06.
- agent/author
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/zte
- canonical/zte axon 30 firmware
- canonical/zte axon 40 pro
- canonical/zte axon 40 ultra firmware
- canonical/zte axon 40 ultra
- canonical/zte nubia z50
- canonical/zte nubia z50 firmware