{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-14817","assignerOrgId":"907edf6c-bf03-423e-ab1a-8da27e1aa1ea","state":"PUBLISHED","assignerShortName":"TECNOMobile","dateReserved":"2025-12-17T05:46:30.356Z","datePublished":"2025-12-17T06:20:59.672Z","dateUpdated":"2025-12-17T18:47:26.941Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"com.transsion.tranfacmode","product":"Tecno Pova6 Pro 5G","vendor":"TECNO","versions":[{"status":"affected","version":"HiOS V14.0.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction."}],"value":"The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction."}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"907edf6c-bf03-423e-ab1a-8da27e1aa1ea","shortName":"TECNOMobile","dateUpdated":"2025-12-17T09:54:50.867Z"},"references":[{"url":"https://security.tecno.com/SRC/securityUpdates"},{"url":"https://security.tecno.com/SRC/blogdetail/434?lang=en_US"}],"source":{"discovery":"UNKNOWN"},"title":"Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-12-17T18:47:23.957146Z","id":"CVE-2025-14817","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-17T18:47:26.941Z"}}]}}