{"id":"CVE-2025-21615","summary":"AAT allows data exfiltration by other apps installed on the same device","details":"AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device.","aliases":["GHSA-pwpm-x58v-px5c"],"modified":"2026-04-10T05:24:09.198195Z","published":"2025-01-06T16:25:27.758Z","database_specific":{"cwe_ids":["CWE-200"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21615.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21615.json"},{"type":"ADVISORY","url":"https://github.com/bailuk/AAT/security/advisories/GHSA-pwpm-x58v-px5c"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21615"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bailuk/aat","events":[{"introduced":"0"},{"fixed":"122fa650877f276e20eb958f77c2d4b06dc27b3b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.26"}]}}],"versions":["v0.5-alpha","v0.6-alpha","v0.7-alpha","v0.8-alpha","v0.9-alpha","v1.0-beta","v1.1-beta","v1.10-beta","v1.11-beta","v1.12-beta","v1.13","v1.14","v1.14.1","v1.15","v1.16","v1.16.1","v1.17","v1.18","v1.19","v1.2-beta","v1.20","v1.21","v1.22","v1.23","v1.24","v1.24.1","v1.25","v1.25.1","v1.25.2","v1.3-beta","v1.3.1-beta","v1.4-beta","v1.5-beta","v1.6-beta","v1.7-beta","v1.8-beta","v1.9-beta"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21615.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}