CVE-2025-57197: n/a

High
Published: Mon Sep 29 2025 (09/29/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change PIN without knowing the original/current PIN.

AI-Powered Analysis

Last updated: 09/29/2025, 17:32:30 UTC

Technical Analysis

CVE-2025-57197 describes an improper access control vulnerability in the Payeer Android application version 2.5.0, specifically within the authentication flow for the PIN change feature. The vulnerability allows a local attacker who has already obtained root access on the device to bypass the PIN verification step when attempting to change the authentication PIN. By dynamically instrumenting the application—modifying its runtime behavior—the attacker can circumvent the check that normally requires knowledge of the current PIN. This means the attacker can directly set a new PIN without needing to know the original one. The flaw arises because the application does not adequately protect the PIN change logic against tampering or unauthorized access once root privileges are present. While exploitation requires root access, which is a significant barrier, the vulnerability effectively undermines the security of the PIN-based authentication mechanism within the app. No CVSS score has been assigned yet, and there are no known public exploits in the wild. The vulnerability was published on September 29, 2025, with the reservation date of August 17, 2025. No patch or mitigation details have been provided by the vendor at this time.
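The design point above, illustrated with an added simulation that is not from the advisory or from Payeer's code: a current-PIN check that executes only inside the app process can be neutralised by whoever controls that process, while a backend that verifies the current PIN itself is unaffected by anything done to the client. The backend behaviour, the in-app PIN storage and the lockout threshold are assumptions made for the simulation, not details the advisory gives.

```python
import hashlib
import hmac
import os
def hash_pin(pin: str, salt: bytes) -> bytes:
    # PBKDF2 with many iterations: PINs have tiny entropy, so guessing must be slow.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class TrustingBackend:
    """Vulnerable pattern (assumed): stores any new PIN the app sends, trusting the app's own check."""
    def __init__(self, pin: str):
        self._store(pin)
    def _store(self, pin: str) -> None:
        self.salt = os.urandom(16)
        self.digest = hash_pin(pin, self.salt)
    def request_change(self, current_pin: str, new_pin: str) -> str:
        self._store(new_pin)  # current_pin is never checked on this side
        return "changed"

class VerifyingBackend(TrustingBackend):
    """Hardened pattern: the current PIN is verified server-side with a lockout,
    so neutralising the in-app check gains nothing."""
    MAX_FAILURES, failures = 5, 0
    def request_change(self, current_pin: str, new_pin: str) -> str:
        if self.failures >= self.MAX_FAILURES:
            return "locked"
        if not hmac.compare_digest(hash_pin(current_pin, self.salt), self.digest):
            self.failures += 1
            return "rejected"
        self.failures = 0
        self._store(new_pin)
        return "changed"

class App:
    """Client flow. check_current_pin runs inside the app process, which a rooted
    device lets an attacker instrument; simulate() models that by replacing it."""
    def __init__(self, backend, pin: str):
        self.backend, self.salt = backend, os.urandom(16)
        self.local_digest = hash_pin(pin, self.salt)  # simplified app-side copy
    def check_current_pin(self, pin: str) -> bool:
        return hmac.compare_digest(hash_pin(pin, self.salt), self.local_digest)
    def change_pin(self, current_pin: str, new_pin: str) -> str:
        if not self.check_current_pin(current_pin):
            return "rejected"
        return self.backend.request_change(current_pin, new_pin)

def simulate(backend_cls) -> str:
    """Outcome of a change sent with a wrong current PIN once the in-app check is neutralised."""
    app = App(backend_cls("1234"), "1234")
    app.check_current_pin = lambda pin: True  # stand-in for runtime instrumentation
    return app.change_pin("0000", "9999")
```

With the trusting backend the change goes through, with the verifying backend it is rejected and counted toward the lockout, which is the difference a root-level attacker on the device cannot erase.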

Potential Impact

For European organizations, especially those relying on the Payeer Android app for financial transactions or digital payments, this vulnerability poses a risk to the confidentiality and integrity of user authentication credentials. If an attacker gains root access to an employee's or customer's device, they could change the authentication PIN without authorization, potentially enabling fraudulent transactions or unauthorized access to funds. Although root access is a high privilege level and not trivially obtained, the presence of this vulnerability lowers the security barrier, making post-compromise lateral movement or privilege escalation attacks more effective. This could lead to financial losses, reputational damage, and regulatory compliance issues under GDPR and other financial regulations. Organizations with employees using Payeer on Android devices should be aware that device compromise could lead to further compromise of payment credentials. The vulnerability does not directly affect availability but compromises authentication integrity and confidentiality.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:
1) Enforce strict device security policies that prevent rooting or jailbreaking of corporate devices, including the use of Mobile Device Management (MDM) solutions that detect and block rooted devices.
2) Educate users on the risks of rooting devices and installing untrusted applications that could lead to root access.
3) Monitor devices for signs of compromise or rooting and restrict access to sensitive applications like Payeer on compromised devices.
4) Advocate for or track vendor updates and patches addressing this vulnerability, and promptly deploy them once available.
5) Consider multi-factor authentication (MFA) mechanisms that do not rely solely on PINs, reducing the impact of PIN compromise.
6) Implement application-level protections such as runtime application self-protection (RASP) or integrity checks that can detect instrumentation or tampering attempts.
7) For critical financial operations, consider additional transaction verification steps outside the mobile app to detect unauthorized changes.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-17T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68dac2946c49d694f9bd907c

Added to database: 9/29/2025, 5:32:04 PM

Last enriched: 9/29/2025, 5:32:30 PM

Last updated: 9/29/2025, 7:06:23 PM
