CVE-2025-25370: n/a

Medium
Published: Wed May 14 2025 (05/14/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.

AI-Powered Analysis

Last updated: 07/06/2025, 12:10:47 UTC

Technical Analysis

CVE-2025-25370 is a medium-severity vulnerability affecting the realme GT 2 smartphone (model RMX3311) running Android 14 with realme UI 5.0. The vulnerability allows a physically proximate attacker to obtain sensitive information through the "show app only" setting function. This issue is classified under CWE-200, which pertains to the exposure of sensitive information to unauthorized actors. The attack vector is physical proximity (AV:P), meaning the attacker must be near the device to exploit the vulnerability. No privileges or user interaction are required (PR:N/UI:N), and the attack complexity is low (AC:L). The vulnerability impacts confidentiality (C:H) but does not affect integrity or availability. The exact nature of the sensitive information exposed is not detailed, but it is significant enough to warrant a CVSS score of 4.6 (medium severity). There are no known exploits in the wild, and no patches have been linked or published yet. The vulnerability was reserved in February 2025 and published in May 2025. The issue likely arises from improper handling or insufficient access control in the "show app only" setting, which may leak sensitive data to anyone physically near the device without requiring authentication or user interaction.

Potential Impact

For European organizations, the impact of this vulnerability depends on the prevalence of realme GT 2 devices within their workforce and the sensitivity of the data stored or accessible on these devices. Since the vulnerability allows sensitive information disclosure without user interaction or authentication, attackers with physical proximity—such as in public spaces, offices, or during device transit—could extract confidential information. This could lead to data breaches involving personal, corporate, or intellectual property data. The confidentiality breach could undermine privacy compliance obligations under GDPR, potentially resulting in regulatory penalties and reputational damage. Additionally, if the exposed information includes credentials or access tokens, it could facilitate further attacks on corporate networks. However, the requirement for physical proximity limits remote exploitation, reducing the risk of large-scale automated attacks. The absence of known exploits in the wild suggests limited current exploitation but does not preclude future attacks.

Mitigation Recommendations

Organizations should implement several targeted mitigations beyond generic advice:

1) Enforce strict physical security controls to limit unauthorized access to devices, especially in public or semi-public environments.
2) Educate employees about the risks of leaving devices unattended or unlocked in vulnerable settings.
3) Encourage or enforce the use of strong device lock mechanisms (PIN, biometric) to prevent unauthorized access; although this vulnerability does not require authentication, a strong lock reduces other risks.
4) Monitor for updates from realme and Android regarding patches for this vulnerability and apply them promptly once available.
5) Consider device inventory management to identify and track realme GT 2 devices and assess their risk exposure.
6) Limit sensitive data storage on vulnerable devices or use containerization and encryption solutions to protect data at rest and in use.
7) Implement endpoint detection and response (EDR) solutions that can detect unusual access patterns or data exfiltration attempts on mobile devices.
8) Review and restrict app permissions related to the "show app only" setting if possible, or disable this feature if it is not essential.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-02-07T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec73d

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 12:10:47 PM

Last updated: 8/15/2025, 3:36:20 AM