CVE-2025-57197
Description
In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change the PIN without knowing the original/current PIN.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A root-level attacker can bypass PIN verification in the Payeer Android app (2.5.0) by instrumenting the PIN change flow, allowing direct PIN modification without knowing the current PIN.
The Payeer Android application version 2.5.0 contains an improper access control vulnerability in the authentication flow for the PIN change feature. The application fails to enforce a server-side or properly sandboxed verification of the current PIN before allowing a new PIN to be set. Instead, the PIN verification check can be bypassed through local instrumentation.
Exploitation requires an attacker to have root access on the device. With root privileges, the attacker can dynamically instrument the running Payeer application — for example, using tools such as Frida or similar — to intercept and skip the function that verifies the current PIN. The proof-of-concept materials demonstrate that the verification step can be bypassed, allowing the attacker to directly modify the authentication PIN to a value of their choosing.
The impact is that an unauthorized local attacker who gains root access can change the application's authentication PIN without knowing the original PIN. This could lead to unauthorized access to the victim's Payeer wallet and associated funds, as the PIN is the primary authentication mechanism for transactions and app access.
According to the advisory and reproducible steps provided in the research materials, no patch has been announced for this vulnerability at the time of writing. Users are advised to keep their devices free of malware and root access, and to monitor the vendor for an updated version that addresses the improper access control flaw [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
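The narrative above attributes the flaw to a current-PIN check that is not enforced outside the instrumentable client. The following is an added example, not Payeer's code and not taken from the advisory: a sketch of a PIN change that is decided server-side, assuming a backend that stores a salted PIN verifier. `PinStore`, `MAX_FAILURES` and the 4 to 8 digit PIN policy are hypothetical.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5  # assumed lockout threshold, not from the advisory


def _derive(pin: str, salt: bytes) -> bytes:
    # Slow KDF so a leaked verifier is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


class PinStore:
    """Hypothetical server-side store: account -> [salt, verifier, failures]."""

    def __init__(self):
        self._rows = {}

    def enroll(self, account: str, pin: str) -> None:
        salt = os.urandom(16)
        self._rows[account] = [salt, _derive(pin, salt), 0]

    def verify(self, account: str, pin: str) -> bool:
        row = self._rows[account]
        salt, verifier, failures = row
        if failures >= MAX_FAILURES:
            return False  # locked: refuse even a correct PIN
        ok = hmac.compare_digest(_derive(pin, salt), verifier)
        row[2] = 0 if ok else failures + 1
        return ok

    def change_pin(self, account: str, current_pin: str, new_pin: str) -> str:
        # The current PIN travels in the same request and is checked here.
        # A client-side "already verified" flag is never accepted, so
        # skipping the app's local check does not change the outcome.
        if not self.verify(account, current_pin):
            return "denied"
        if not (new_pin.isdigit() and 4 <= len(new_pin) <= 8):
            return "invalid_new_pin"
        salt = os.urandom(16)
        self._rows[account] = [salt, _derive(new_pin, salt), 0]
        return "changed"
```

Because the decision is made where the verifier lives, a root-level attacker who patches out the client check still has to supply the correct current PIN, and repeated guesses hit the lockout.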
Affected products (1)
- Range: = 2.5.0
Patches (0)
No patches discovered yet.
References (4)
News mentions (0)
No linked articles in our index yet.