{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15515", "assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8", "state": "PUBLISHED", "assignerShortName": "Vivo", "dateReserved": "2026-01-13T03:21:41.870Z", "datePublished": "2026-03-13T06:43:50.023Z", "dateUpdated": "2026-03-13T14:12:55.422Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8", "shortName": "Vivo", "dateUpdated": "2026-03-13T06:43:50.023Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-410", "descriptions": [{"lang": "en", "value": "CAPEC-410 Information Elicitation"}]}], "affected": [{"vendor": "vivo", "product": "Easyshare", "versions": [{"status": "affected", "version": "Versions below 7.0.11.5"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage"}]}], "references": [{"url": "https://www.vivo.com/en/support/security-advisory-detail?id=21"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T14:12:47.045688Z", "id": "CVE-2025-15515", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T14:12:55.422Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15515", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T14:12:47.045688Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T14:12:51.057Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-410", "descriptions": [{"lang": "en", "value": "CAPEC-410 Information Elicitation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "vivo", "product": "Easyshare", "versions": [{"status": "affected", "version": "Versions below 7.0.11.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.vivo.com/en/support/security-advisory-detail?id=21"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage", "supportingMedia": [{"type": "text/html", "value": "The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing authentication for critical function"}]}], "providerMetadata": {"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8", "shortName": "Vivo", "dateUpdated": "2026-03-13T06:43:50.023Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15515", "state": "PUBLISHED", "dateUpdated": "2026-03-13T14:12:55.422Z", "dateReserved": "2026-01-13T03:21:41.870Z", "assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8", "datePublished": "2026-03-13T06:43:50.023Z", "assignerShortName": "Vivo"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage"}], "id": "CVE-2025-15515", "lastModified": "2026-03-16T14:54:11.293", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@vivo.com", "type": "Secondary"}]}, "published": "2026-03-13T19:53:50.557", "references": [{"source": "security@vivo.com", "url": "https://www.vivo.com/en/support/security-advisory-detail?id=21"}], "sourceIdentifier": "security@vivo.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security@vivo.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.0.11.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Easyshare", "source": "cna", "vendor": "vivo"}, "product": "easyshare", "vendor": "vivo"}], "analysis": {"en": {"generated_at": "2026-03-19T14:43:39.789749+00:00", "value": {"mitigation_remediation": ["Check the official vivo security advisory (https://www.vivo.com/en/support/security-advisory-detail?id=21) for an available patch or update for the EasyShare module.", "Apply any released vendor patch or update to the EasyShare firmware/software.", "If a patch is not yet available, monitor local network traffic for unauthorized data transmission and restrict access to the EasyShare feature until an update is applied."], "summary": {"action": "Patch", "impact": "Data Leakage"}, "threat_synthesis": {"affected_systems": "The affected product is vivo EasyShare, a feature in vivo devices. Affected versions are not explicitly enumerated in the vendor data; therefore, all currently deployed EasyShare implementations should be considered at risk until the vendor issues a fixed version.", "description_and_impact": "The vulnerability is a missing authentication mechanism in the EasyShare module, which can lead to data leakage if specific conditions on a local network are met. The weakness is identified as CWE\u2011306 (Missing Authentication for a Function or Operation). This flaw may allow a local attacker to access sensitive data stored or transmitted by the EasyShare feature, thereby compromising confidentiality but not impacting system integrity or availability.", "risk_and_exploitability": "The CVSS base score is 6.9 (medium). EPSS indicates the probability of exploitation is less than 1\u202f%, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is local network based on the description, which suggests that an attacker with local network access could exploit the flaw. Immediate patching is recommended since the vulnerability could expose sensitive data."}}}}, "created": "2026-03-16T09:38:01.159830+00:00", "title": "Authentication bypass in EasyShare leading to local network data leakage", "updated": "2026-03-23T09:59:46.753676+00:00", "vendors": ["vivo", "vivo$PRODUCT$easyshare"]}