CVE Catalog

CVE-2025-56467

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. The supplier claims this is an intended feature and does not reveal much sensitive data.

Risk Assessment

The risk involves unauthorized access to users' financial data, potentially leading to privacy breaches, identity theft, or exploitation of information for further social engineering attacks.

Recommendation

It is recommended to immediately update the Axis Bank mobile app to the latest version and implement authentication mechanisms (e.g., UPI PIN) for accessing sensitive data. Users should also monitor their accounts for suspicious activity.

Original NVD description (English source)

An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information."

Vulnerability data from NVD (NIST) · CISA KEV · EPSS