PT-2025-33409 · Lotus Cars · Lotus Cars Android App
Jack Sessions
+1
·
Published
2025-08-14
·
Updated
2025-08-16
·
CVE-2025-50861
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
Lotus Cars Android App version 1.2.8
Description:
The Lotus Cars Android app (com.lotus.carsdomestic.intl) version 1.2.8 contains an exported component,
PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This can lead to unintended access to application internals, potentially causing denial of service or logic abuse.Recommendations:
Update to a newer version of the Lotus Cars Android App that addresses this issue.
Exploit
Fix
DoS
Improper Access Control
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lotus Cars Android App