Lotus Cars · Lotus Cars Android App · CVE-2025-50861
Name of the Vulnerable Software and Affected Versions:
Lotus Cars Android App version 1.2.8
Description:
The Lotus Cars Android app (com.lotus.carsdomestic.intl) version 1.2.8 contains an exported component, `PushDeepLinkActivity`, which is accessible without authentication via ADB or malicious apps. This can lead to unintended access to application internals, potentially causing denial of service or logic abuse.
Recommendations:
Update to a newer version of the Lotus Cars Android App that addresses this issue.