PT-2025-36110 · Yahoo · "Yahoo! Shopping" App For Android

Shiga Takuma

Published

2025-09-05

Updated

2025-09-05

CVE-2025-41408

Report an issue

CVSS v3.1

4.3

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Yahoo! Shopping App for Android versions prior to 14.15.0

Description:

Improper authorization in the handler for a custom URL scheme in the Yahoo! Shopping App for Android may allow a remote, unauthenticated attacker to redirect a user to an arbitrary website. This could result in a phishing attack.

Recommendations:

Update the Yahoo! Shopping App for Android to version 14.15.0 or later.

Fix

Weakness Enumeration

CWE-939

Related Identifiers

CVE-2025-41408

Affected Products

"Yahoo! Shopping" App For Android

PT-2025-36110 · Yahoo · "Yahoo! Shopping" App For Android

Weakness Enumeration

Related Identifiers

Affected Products

References · 3