H4cKr1337

CVE-2025-52294 - FULL DISCLOSURE

Jun 29th, 2025
CVE ASSIGNED: CVE-2025-52294
CVE PUBLISHED STATE: PUBLISHED
CVE LINK: https://nvd.nist.gov/vuln/detail/CVE-2025-52294

CVE-2025-52294:
Trust Wallet v8.45 (Android) fails to consistently enforce the in-app PIN when accessed via the recent apps screen, allowing a physically proximate attacker to bypass the lock screen and view the wallet balance without authentication.

Vulnerability Type: Insecure Permissions.

Vendor: Trust Wallet (https://trustwallet.com/).
Affected Product: https://play.google.com/store/apps/details?id=com.wallet.crypto.trustapp (v8.45).

Attack Type: Physical.
Attack Vector: Repeatedly open Trust Wallet via recent apps without entering the PIN until the lock screen is bypassed.
Reference POC: https://x.com/Ravenzbb/status/1930337226115686676.

Discoverer: Ishwar Kumar