SB2025022121 - Authentication bypass using an alternate path or channel in RoboForm Password Manager App for Android
Published: February 21, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2025-26700)
CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to the authentication bypass using an alternate path or channel. An attacker with physical access can bypass the lock screen and obtain sensitive information.
Remediation
Install update from vendor's website.