Search criteria
3 vulnerabilities found for "region PAY" App for Android by Gift Pad Co.,Ltd.
CVE-2025-52580 (GCVE-0-2025-52580)
Vulnerability from cvelistv5 – Published: 2025-07-22 04:49 – Updated: 2025-07-22 15:36
VLAI?
Summary
Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity ?
CWE
- CWE-532 - Insertion of sensitive information into log file
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gift Pad Co.,Ltd. | "region PAY" App for Android |
Affected:
prior to 1.5.28
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T15:19:47.477187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:36:00.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\"region PAY\" App for Android",
"vendor": "Gift Pad Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 1.5.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file issue exists in \"region PAY\" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of sensitive information into log file",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T04:49:33.459Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN07825095/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-52580",
"datePublished": "2025-07-22T04:49:33.459Z",
"dateReserved": "2025-07-15T01:02:40.018Z",
"dateUpdated": "2025-07-22T15:36:00.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52580 (GCVE-0-2025-52580)
Vulnerability from nvd – Published: 2025-07-22 04:49 – Updated: 2025-07-22 15:36
VLAI?
Summary
Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity ?
CWE
- CWE-532 - Insertion of sensitive information into log file
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gift Pad Co.,Ltd. | "region PAY" App for Android |
Affected:
prior to 1.5.28
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T15:19:47.477187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T15:36:00.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "\"region PAY\" App for Android",
"vendor": "Gift Pad Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 1.5.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file issue exists in \"region PAY\" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of sensitive information into log file",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T04:49:33.459Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN07825095/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-52580",
"datePublished": "2025-07-22T04:49:33.459Z",
"dateReserved": "2025-07-15T01:02:40.018Z",
"dateUpdated": "2025-07-22T15:36:00.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000050
Vulnerability from jvndb - Published: 2025-07-22 13:33 - Updated:2025-07-22 13:33
Severity ?
Summary
"region PAY" App for Android vulnerable to insertion of sensitive information into log file
Details
"region PAY" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability.
- Insertion of sensitive information into log file (CWE-532) - CVE-2025-52580
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000050.html",
"dc:date": "2025-07-22T13:33+09:00",
"dcterms:issued": "2025-07-22T13:33+09:00",
"dcterms:modified": "2025-07-22T13:33+09:00",
"description": "\"region PAY\" App for Android provided by Gift Pad Co.,Ltd. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eInsertion of sensitive information into log file (CWE-532) - CVE-2025-52580\u003c/li\u003e\u003c/ul\u003e\r\nKubo Naoki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000050.html",
"sec:cpe": {
"#text": "cpe:/a:misc:giftpad_region_pay",
"@product": "\"region PAY\" App for Android",
"@vendor": "Gift Pad Co.,Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000050",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN07825095/index.html",
"@id": "JVN#07825095",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-52580",
"@id": "CVE-2025-52580",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "\"region PAY\" App for Android vulnerable to insertion of sensitive information into log file"
}