CVE-2025-58622: CWE-862 Missing Authorization in yydevelopment Mobile Contact Line
Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0.
AI Analysis
Technical Summary
CVE-2025-58622 is a security vulnerability classified under CWE-862, indicating a Missing Authorization issue in the yydevelopment Mobile Contact Line application, specifically affecting versions up to 2.4.0. This vulnerability arises from incorrectly configured access control security levels, allowing users with limited privileges (PR:L - Privileges Required: Low) to perform actions or access resources beyond their authorization scope. The vulnerability does not require user interaction (UI:N) and can be exploited remotely over the network (AV:N - Attack Vector: Network). The impact is limited to integrity (I:L) with no direct confidentiality or availability impact. The CVSS 3.1 base score is 4.3, categorizing it as a medium severity issue. The lack of proper authorization checks can lead to unauthorized modification or manipulation of data within the Mobile Contact Line application, potentially undermining data integrity and trustworthiness of the application’s operations. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability’s presence in a mobile contact management application suggests that attackers could leverage this flaw to alter contact data or related information, which could have downstream effects on communication workflows or data consistency.
Potential Impact
For European organizations, this vulnerability could pose moderate risks, especially for enterprises relying on Mobile Contact Line for managing critical contact information or communication workflows. Unauthorized modification of contact data could lead to misinformation, miscommunication, or operational disruptions, particularly in sectors where accurate contact data is essential, such as healthcare, finance, or government services. While the vulnerability does not directly compromise confidentiality or availability, the integrity impact could facilitate social engineering or spear-phishing attacks if contact details are manipulated. Additionally, organizations with compliance obligations under GDPR must consider the implications of unauthorized data modifications, as they could affect data accuracy and accountability. The medium severity rating suggests that while the threat is not critical, it should not be ignored, especially in environments where data integrity is paramount.
Mitigation Recommendations
Given the nature of the vulnerability, organizations should prioritize the following mitigation steps:
1) Conduct a thorough review of access control policies and configurations within Mobile Contact Line to ensure that authorization checks are correctly implemented and enforced for all sensitive operations.
2) Implement role-based access controls (RBAC) with the principle of least privilege to minimize the risk of unauthorized actions by low-privileged users.
3) Monitor application logs for unusual or unauthorized modification attempts to detect potential exploitation early.
4) Engage with yydevelopment for official patches or updates addressing this vulnerability and apply them promptly once available.
5) If patching is delayed, consider deploying compensating controls such as network segmentation or application-layer firewalls to restrict access to the Mobile Contact Line application to trusted users and devices.
6) Educate users about the risks of unauthorized data changes and encourage reporting of anomalies in contact information.
7) Regularly audit and validate contact data integrity to detect and correct unauthorized modifications quickly.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-09-03T09:03:04.975Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68b85517ad5a09ad00f71e8b
Added to database: 9/3/2025, 2:47:51 PM
Last enriched: 9/3/2025, 3:07:42 PM
Last updated: 9/4/2025, 12:34:40 AM