CVE-2025-7892 is a medium-severity vulnerability affecting the IDnow App on Android versions up to 9.6.0. The root cause lies in the improper export of Android application components declared in the AndroidManifest.xml file, specifically within the component identified as de.idnow. Improper export means that components such as activities, services, or broadcast receivers are unintentionally made accessible to other apps on the device, potentially allowing unauthorized local apps or users to interact with these components. This can lead to unauthorized access or manipulation of the app’s internal functionality or data. The vulnerability requires local access to the device (i.e., the attacker must have some level of access to the device, such as installing a malicious app or having physical access) but does not require user interaction or elevated privileges beyond limited local permissions. The CVSS 4.0 vector indicates low attack complexity and low privileges required, with no user interaction needed. The impact on confidentiality, integrity, and availability is limited but present, as unauthorized access to exported components can lead to data leakage or manipulation within the app. The vendor was notified but did not respond, and no patches or mitigations have been published yet. While no known exploits are currently in the wild, the public disclosure of the vulnerability increases the risk of exploitation by attackers who can gain local access to affected devices.

For European organizations, especially those relying on the IDnow App for identity verification and digital onboarding processes, this vulnerability poses a risk of unauthorized local access to sensitive identity verification components. This could lead to manipulation or leakage of personal data, undermining trust in digital identity services and potentially violating GDPR requirements on data protection. Organizations using the app on employee or customer devices may face increased risk of insider threats or malware leveraging this vulnerability to escalate access or exfiltrate data. The impact is particularly relevant for sectors with high regulatory compliance demands such as banking, telecommunications, and government services, where IDnow is commonly used. Although exploitation requires local access, the widespread use of Android devices and the potential for malicious apps to gain foothold on devices make this a non-negligible threat. The lack of vendor response and absence of patches increases the urgency for organizations to implement compensating controls.

1. Restrict local device access: Enforce strict device management policies to prevent unauthorized installation of apps and limit physical access to devices running the IDnow App. 2. Use Mobile Device Management (MDM) solutions to monitor and control app permissions and detect suspicious activities related to exported components. 3. Employ application sandboxing and runtime protection tools that can detect and block unauthorized inter-app communication attempts targeting exported components. 4. Educate users about the risks of installing untrusted apps and the importance of device security hygiene. 5. Monitor for updates from IDnow and apply patches immediately once available. 6. As a temporary measure, consider isolating the IDnow App usage to dedicated devices or virtual environments where local access is tightly controlled. 7. Conduct regular security audits and penetration testing focusing on inter-app communication and exported components to identify similar risks proactively.