
CVE-2025-57197: n/a

Medium
Published: Mon Sep 29 2025 (09/29/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the authentication PIN. This allows unauthorized users to change the PIN without knowing the original/current PIN.

AI-Powered Analysis

Last updated: 10/06/2025, 18:08:36 UTC

Technical Analysis

CVE-2025-57197 describes an improper access control weakness (CWE-284) in the PIN change flow of the Payeer Android application, version 2.5.0. The flow asks for the current PIN before it accepts a new one, but that check is enforced inside the app process. An attacker with root on the device can attach a dynamic instrumentation framework (Frida is the usual tool for this class of attack) to the running app, hook the method that verifies the current PIN so that it reports success, and then set a PIN of their choosing without knowing the existing one. The root cause is that a security decision is taken by client-side code that a privileged local user fully controls, rather than by the server, or by a construction in which the old PIN is actually needed to unlock whatever the new PIN will protect. No user interaction is required, but root is, so the exposed population is devices that are already compromised, rooted by their owners, or physically in an attacker's hands. The analysis reports a CVSS v3.1 base score of 6.0 (medium) with high confidentiality and integrity impact and no availability impact; the record's technical details on this page list no CVSS version, so the vector behind that score is not shown here. No exploitation in the wild and no vendor patch had been linked at the time of analysis. The practical consequence is takeover of the account from the device: whoever can reset the PIN can operate the wallet as the user, which for a payment application means unauthorized transfers and exposure of account data. A practitioner should read the finding as a design defect rather than only a root-hardening gap: root already gives an attacker the app's private storage, so a PIN that exists only as a client-side boolean adds little, whereas a PIN that the server verifies, or that wraps the credentials the app needs, still costs the attacker something.
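The following Python model is an added example, not Payeer's code and not taken from this page. It shows the bug class the analysis describes: a PIN change gated by a client-side boolean that a root-level instrumentation hook can force to true, next to a design in which the current PIN is needed to unwrap the secret the new PIN will protect, so there is no single check to flip. Class names, PINs, salts and key sizes are constructed for the demonstration; XOR against a KDF-derived pad plus an HMAC stands in for an AEAD such as AES-GCM so the example runs on the standard library alone.

```python
"""Client-side PIN check (hookable) versus PIN-bound key wrapping.

Added example for CVE-2025-57197; not from Payeer or from the advisory.
Everything here (names, PINs, key lengths) is constructed for illustration.
"""
import hashlib
import hmac
import os
import secrets

KDF_ITERS = 100_000


def derive(pin: str, salt: bytes, length: int) -> bytes:
    """PBKDF2-HMAC-SHA256 over the PIN. A numeric PIN is low entropy, so the
    iteration count only slows down, never prevents, offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERS, dklen=length)


class VulnerablePinStore:
    """Keeps only a PIN hash; change_pin trusts the answer of verify_current_pin."""

    def __init__(self, pin: str):
        self.salt = os.urandom(16)
        self.pin_hash = derive(pin, self.salt, 32)

    def verify_current_pin(self, pin: str) -> bool:
        return hmac.compare_digest(self.pin_hash, derive(pin, self.salt, 32))

    def change_pin(self, current: str, new: str) -> bool:
        if not self.verify_current_pin(current):   # a runtime hook can force this to pass
            return False
        self.pin_hash = derive(new, self.salt, 32)
        return True


class WrappedPinStore:
    """The account secret is wrapped under a PIN-derived key. A new PIN can only
    be set by whoever can unwrap with the old one; hooking a boolean does not help."""

    def __init__(self, pin: str, secret=None):
        self._wrap(pin, secrets.token_bytes(32) if secret is None else secret)

    def _wrap(self, pin: str, secret: bytes) -> None:
        self.salt = os.urandom(16)                 # fresh salt: the pad is never reused
        km = derive(pin, self.salt, 64)
        pad, mac_key = km[:32], km[32:]
        # Stand-in for AES-GCM: one-time pad from the KDF, then HMAC over salt+ciphertext.
        self.wrapped = bytes(a ^ b for a, b in zip(secret, pad))
        self.tag = hmac.new(mac_key, self.salt + self.wrapped, "sha256").digest()

    def unwrap(self, pin: str):
        km = derive(pin, self.salt, 64)
        pad, mac_key = km[:32], km[32:]
        expected = hmac.new(mac_key, self.salt + self.wrapped, "sha256").digest()
        if not hmac.compare_digest(expected, self.tag):
            return None                            # wrong PIN: no secret, nothing to re-wrap
        return bytes(a ^ b for a, b in zip(self.wrapped, pad))

    def change_pin(self, current: str, new: str) -> bool:
        secret = self.unwrap(current)
        if secret is None:
            return False
        self._wrap(new, secret)
        return True


def simulate_root_attacker() -> dict:
    """Replacing a method on the instance models what a Frida-style hook does
    to the running process: the attacker never learns the real PIN ("1234")."""
    results = {}

    vuln = VulnerablePinStore("1234")
    vuln.verify_current_pin = lambda pin: True      # the hook
    vuln.change_pin("0000", "9999")                 # wrong current PIN, still accepted
    results["vulnerable_pin_changed_without_old_pin"] = (
        vuln.pin_hash == derive("9999", vuln.salt, 32))

    hard = WrappedPinStore("1234")
    original = hard.unwrap("1234")
    results["legitimate_change_works"] = (
        hard.change_pin("1234", "5678") and hard.unwrap("5678") == original)
    results["hardened_change_rejected"] = not hard.change_pin("0000", "9999")

    # Hooking unwrap to "succeed" only feeds garbage into the re-wrap: the real
    # secret is destroyed, not taken over, which the server will notice.
    hard.unwrap = lambda pin: bytes(32)
    hard.change_pin("0000", "9999")
    del hard.unwrap
    results["hardened_secret_survives_hook"] = hard.unwrap("9999") == original
    return results


if __name__ == "__main__":
    for name, value in simulate_root_attacker().items():
        print(f"{name}: {value}")
```

The wrapped design removes the hookable decision but does not remove the root attacker's ability to copy the wrapped blob and guess a short numeric PIN offline against the KDF, so it belongs alongside, not instead of, server-side verification of the current PIN with rate limiting, or a hardware-backed key (on Android, a Keystore key with user authentication required) that never leaves the secure element.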

Potential Impact

For European organizations, especially those in the financial sector or those that rely on Payeer for payment processing or wallet services, this vulnerability weakens the protection of user accounts. An attacker who gains root on a device can bypass the PIN check and set new credentials, which opens the way to unauthorized access to funds and to sensitive financial data. Beyond direct financial loss, a resulting breach of personal data carries GDPR exposure and reputational damage. The risk is higher where rooted or otherwise compromised devices are more common, such as among users who root their phones or in organizations without device security policies. Because root is a precondition, the realistic scenarios are insider threats, lost or stolen devices, and malware that escalates privileges. Organizations with mobile workforces or BYOD policies should treat unmanaged Android devices that run Payeer as a concern.

Mitigation Recommendations

1. Restrict and monitor root access on Android devices used within the organization so that attackers cannot obtain the privileges this bypass requires.
2. Deploy mobile device management (MDM) with device integrity checks that detect rooted or jailbroken devices and block them from corporate resources and sensitive applications, including Payeer.
3. For Payeer as the vendor: move current-PIN verification out of the client, either to the server or into a construction where the old PIN is needed to decrypt what the new PIN protects, and add runtime integrity checks (RASP, hook and root detection, hardware-backed attestation such as Play Integrity) as a complementary rather than primary control, since a root attacker can hook those checks too.
4. Educate users about the risks of rooting their devices and of installing modified builds; use only the official, unmodified app.
5. Monitor server-side for PIN change events that are not preceded by a successful current-PIN verification, and for PIN changes from devices that fail integrity checks, to catch exploitation attempts.
6. Track Payeer's advisories and update the app promptly once a fixed version is released.
7. Enforce multi-factor authentication on the account where possible so that the device PIN is not the only control over transactions.
8. Audit and update device security policies regularly to limit privilege escalation paths on mobile devices.
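The monitoring step above is only as good as the correlation rule behind it. The following Python pass is an added example, not from Payeer or from this page: it reads server-side authentication events and flags PIN changes that were not preceded by a successful current-PIN verification within a short window, and PIN changes from devices whose integrity check reported root. The event schema, field names and log lines are constructed for the example and do not describe Payeer's logging.

```python
"""Detection pass over constructed auth events for CVE-2025-57197-style abuse.

Added example; the JSON schema and sample lines are invented for illustration.
"""
import json
from datetime import datetime, timedelta

# Constructed sample: u1 is a legitimate change; u2 changes with no verification;
# u3 changes right after a *failed* verification; u4 verifies and changes from a
# device flagged as rooted; u5 verifies, then changes ten minutes later.
SAMPLE_LOG = """\
{"ts":"2025-09-29T10:00:00Z","account":"u1","device":"d1","event":"pin_verify","result":"ok","rooted":false}
{"ts":"2025-09-29T10:00:05Z","account":"u1","device":"d1","event":"pin_change","rooted":false}
{"ts":"2025-09-29T10:01:00Z","account":"u2","device":"d2","event":"pin_change","rooted":false}
{"ts":"2025-09-29T10:02:00Z","account":"u3","device":"d3","event":"pin_verify","result":"fail","rooted":false}
{"ts":"2025-09-29T10:02:03Z","account":"u3","device":"d3","event":"pin_change","rooted":false}
{"ts":"2025-09-29T10:03:00Z","account":"u4","device":"d4","event":"pin_verify","result":"ok","rooted":true}
{"ts":"2025-09-29T10:03:02Z","account":"u4","device":"d4","event":"pin_change","rooted":true}
{"ts":"2025-09-29T10:10:00Z","account":"u5","device":"d5","event":"pin_verify","result":"ok","rooted":false}
{"ts":"2025-09-29T10:20:00Z","account":"u5","device":"d5","event":"pin_change","rooted":false}
"""

# A verification older than this no longer authorizes a change (assumed policy).
VERIFY_WINDOW = timedelta(seconds=120)


def parse(log_text: str) -> list:
    """One JSON object per line; timestamps are UTC with a literal Z suffix."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect(log_text: str) -> list:
    """Return (account, rule) alerts in event order."""
    alerts = []
    last_ok = {}   # (account, device) -> time of the last successful pin_verify
    for event in parse(log_text):
        key = (event["account"], event["device"])
        if event["event"] == "pin_verify":
            if event.get("result") == "ok":
                last_ok[key] = event["ts"]
            else:
                last_ok.pop(key, None)          # a failure cancels an earlier success
        elif event["event"] == "pin_change":
            ok_ts = last_ok.pop(key, None)      # one verification authorizes one change
            if ok_ts is None or event["ts"] - ok_ts > VERIFY_WINDOW:
                alerts.append((event["account"], "pin_change_without_recent_verification"))
            if event.get("rooted"):
                alerts.append((event["account"], "pin_change_from_rooted_device"))
    return alerts


if __name__ == "__main__":
    for account, rule in detect(SAMPLE_LOG):
        print(f"{account}: {rule}")
```

The rule only works if the server sees the current-PIN verification as its own event. If the app verifies the PIN purely on the client, as the advisory describes, the server has nothing to correlate, and the first fix is to move that verification server-side; the rooted-device signal then comes from an attestation result the server records, not from a flag the app sets about itself.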


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-08-17T00:00:00.000Z
Cvss Version
null
State
PUBLISHED

Threat ID: 68dac2946c49d694f9bd907c

Added to database: 9/29/2025, 5:32:04 PM

Last enriched: 10/6/2025, 6:08:36 PM

Last updated: 11/14/2025, 6:26:34 AM


