CVE-2025-6748 is a vulnerability identified in the Bharti Airtel Thanks App version 4.105.4 on Android devices. The issue involves cleartext storage of sensitive data within the app's directory at /Android/data/com.myairtelapp/files/. This vulnerability arises from an unknown function that writes data to disk without encryption or adequate protection, allowing potentially sensitive information to be stored in plaintext. The attack vector requires physical access to the device, meaning an attacker must have direct access to the Android device to exploit this vulnerability. The exploit does not require user interaction, elevated privileges beyond limited privileges, or network access, but it does require local access to the device's file system. The vulnerability has been publicly disclosed, and although the vendor was notified early, there has been no response or patch released to date. The CVSS v4.0 base score is 2.4, indicating a low severity primarily due to the limited attack vector (physical access) and low impact on confidentiality, integrity, and availability. The vulnerability could lead to unauthorized disclosure of sensitive data stored by the app, potentially exposing user information or credentials if such data is stored in cleartext. However, the exact nature of the data exposed is unspecified. Since the app is used primarily by Bharti Airtel customers, the threat is localized to users of this app and the Android platform. No known exploits are currently in the wild, but public disclosure increases the risk of exploitation by attackers with physical access to devices.

For European organizations, the direct impact of this vulnerability is limited because the Bharti Airtel Thanks App is primarily targeted at the Indian market and its customers. However, if any European entities use this app or if employees traveling from Europe use devices with this app installed, there is a risk of sensitive data exposure through physical device compromise. The vulnerability could lead to leakage of user data stored by the app, which might include personal information or authentication tokens, potentially facilitating further attacks or identity theft. The impact on confidentiality is moderate if sensitive data is stored unencrypted, but the integrity and availability impacts are negligible. Given the requirement for physical access, the threat is more relevant in scenarios where devices might be lost, stolen, or accessed by unauthorized personnel. European organizations with employees who use this app on corporate or personal devices should be aware of the risk of data leakage. Overall, the threat is low for most European organizations but could be a concern for individuals or entities with direct exposure to the affected app.

1. Users should immediately update the Bharti Airtel Thanks App once a patched version is released by the vendor. 2. Until a patch is available, users should avoid storing sensitive information within the app or on devices that may be physically accessible to unauthorized persons. 3. Employ device-level encryption and strong lock screen protections (PIN, biometric) to reduce the risk of unauthorized physical access to the device's file system. 4. Organizations should implement mobile device management (MDM) solutions that enforce encryption, remote wipe capabilities, and restrict installation of vulnerable apps on corporate devices. 5. Regularly audit devices for the presence of vulnerable app versions and remove or update them accordingly. 6. Educate users about the risks of physical device compromise and encourage secure handling of devices, especially when traveling or in public spaces. 7. Monitor for any updates or advisories from Bharti Airtel regarding this vulnerability and apply patches promptly. 8. If possible, avoid using the affected app on devices that contain sensitive corporate data until the vulnerability is addressed.