
CVE-2025-0895: CWE-215 Insertion of Sensitive Information Into Debugging Code in IBM Cognos Analytics Mobile

Severity: Low
Tags: Vulnerability, CVE-2025-0895, cve, cve-2025-0895, cwe-215
Published: Sun Mar 02 2025 (03/02/2025, 15:20:05 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: Cognos Analytics Mobile

Description

IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device to obtain sensitive information from debugging code log messages.

AI-Powered Analysis

Last updated: 09/01/2025, 01:48:55 UTC

Technical Analysis

CVE-2025-0895 is a security vulnerability in IBM Cognos Analytics Mobile version 1.1 for Android devices. It is classified under CWE-215, which covers the insertion of sensitive information into debugging code: the application exposes sensitive data through the debug log messages it generates. An attacker with physical access to the affected device can read these debug logs and obtain sensitive information that should not be exposed. Exploitation requires no authentication and no user interaction, but it does require physical access, which limits the attack to scenarios where the attacker can directly interact with the mobile device.

The CVSS v3.1 base score is 2.4, a low severity level. The vector string (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) confirms that the attack vector is physical (AV:P), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to confidentiality (C:L), with no impact on integrity or availability. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability primarily affects the confidentiality of sensitive information stored or processed by the IBM Cognos Analytics Mobile app on Android devices, potentially exposing business intelligence data or credentials if debug logs are improperly handled.

Potential Impact

For European organizations using IBM Cognos Analytics Mobile 1.1 on Android devices, this vulnerability poses a risk of sensitive information leakage if devices fall into unauthorized hands. The impact is primarily on confidentiality, as attackers with physical access could extract sensitive data from debug logs. This could lead to exposure of business intelligence insights, user credentials, or other sensitive operational data, potentially facilitating further attacks or corporate espionage. Although the vulnerability requires physical access, the risk is heightened in environments where mobile devices are shared, lost, or stolen, such as field operations, remote work scenarios, or travel. Given the widespread use of IBM Cognos Analytics in enterprise environments across Europe for data analytics and decision-making, any leakage of sensitive analytics data could undermine competitive advantage and violate data protection regulations such as GDPR if personal data is involved. The low CVSS score and lack of known exploits indicate that the immediate threat level is low, but organizations should not disregard the risk, especially in high-security contexts.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement the following specific measures:

1) Restrict physical access to devices running IBM Cognos Analytics Mobile, especially in high-risk environments.
2) Enforce device encryption and strong authentication mechanisms (PIN, biometrics) to prevent unauthorized access to the device and its logs.
3) Disable or restrict debug logging in production versions of the app, or ensure that debug logs do not contain sensitive information by working with IBM support or monitoring for updates.
4) Monitor and audit mobile devices for unauthorized access or suspicious activity.
5) Educate users about the risks of leaving devices unattended and the importance of reporting lost or stolen devices promptly.
6) Stay updated with IBM security advisories for patches or updates addressing this vulnerability and apply them as soon as they become available.
7) Consider mobile device management (MDM) solutions to enforce security policies and remotely wipe devices if compromised.

These steps go beyond generic advice by focusing on controlling physical access, managing debug logging practices, and leveraging organizational security controls tailored to mobile device usage.


Technical Details

Data Version: 5.1
Assigner Short Name: ibm
Date Reserved: 2025-01-30T18:37:46.385Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68b4f7b8ad5a09ad00c726ed

Added to database: 9/1/2025, 1:32:40 AM

Last enriched: 9/1/2025, 1:48:55 AM

Last updated: 10/19/2025, 10:58:14 AM
