PT-2025-33410 · Lotus Cars · Lotus Cars Android App

Jacksessions · Published 2025-08-14 · Updated 2025-08-18 · CVE-2025-50862

CVSS v3.1: 5.9 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Lotus Cars Android app (com.lotus.carsdomestic.intl) version 1.2.8

Description: The Lotus Cars Android app allows data exfiltration via ADB backup on rooted or debug-enabled devices due to the allowBackup=true flag being set in its manifest. This poses a risk of user data exposure.

Recommendations: For version 1.2.8, disable or restrict the use of the application on rooted or debug-enabled devices to mitigate the risk of data exfiltration. Consider removing the allowBackup=true flag in a future application update.
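A manifest check for the setting described above, as an added example that is not part of the original advisory or the vendor's code. The sample manifests, the package name com.example.constructed and the function names are constructed for illustration; the check also covers a manifest with the attribute absent, because android:allowBackup defaults to true.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def backup_status(manifest_xml):
    """Classify android:allowBackup in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("no <application> element in manifest")
    raw = app.get(ANDROID_NS + "allowBackup")
    if raw is None:
        # Attribute absent: the platform default is true, so deleting the
        # attribute without setting it to false leaves backup enabled.
        return "enabled-by-default"
    value = raw.strip().lower()
    if value.startswith("@"):
        # Resource reference; the real value lives in the app's resources.
        return "unresolved"
    return "enabled" if value == "true" else "disabled"

def manifest(app_attrs):
    """Build a constructed sample manifest (hypothetical package name)."""
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="com.example.constructed">'
        f'<application {app_attrs} android:label="Sample"/></manifest>'
    )

# Constructed inputs: the weak setting, two incomplete fixes, and the fix.
SAMPLES = {
    "explicit_true": manifest('android:allowBackup="true"'),
    "attribute_removed": manifest(""),
    "resource_ref": manifest('android:allowBackup="@bool/allow_backup"'),
    "explicit_false": manifest('android:allowBackup="false"'),
}

def audit(samples):
    """Map each sample name to its backup status."""
    return {name: backup_status(xml) for name, xml in samples.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        flag = "OK" if status == "disabled" else "REVIEW"
        print(f"{flag:6} {name}: {status}")
```

Run it against the manifest decoded from a release build; only an explicit `android:allowBackup="false"` reports `disabled`.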

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-50862

Affected Products

Lotus Cars Android App