CVE-2025-7892: Improper Export of Android Application Components in IDnow App

Severity: Medium
Published: Sun Jul 20 2025 (07/20/2025, 13:14:05 UTC)
Source: CVE Database V5
Product: IDnow App

Description

A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/20/2025, 13:46:06 UTC

Technical Analysis

CVE-2025-7892 is a medium-severity vulnerability affecting the IDnow Android application versions 9.0 through 9.6.0. The vulnerability arises from the improper export of Android application components declared in the AndroidManifest.xml file, specifically within the component identified as de.idnow. Improperly exported components can be accessed by other applications or processes on the device, potentially allowing unauthorized local attackers to interact with these components. This can lead to unauthorized information disclosure, manipulation of app behavior, or privilege escalation within the app context. The attack requires local access to the device, meaning the attacker must have some level of access to the victim’s device, such as through physical access or via another malicious app installed on the device. No user interaction or elevated privileges beyond local access are required, and the vulnerability does not affect system confidentiality, integrity, or availability at a critical level but does pose a risk of limited data exposure or unauthorized operations within the app. The vendor was notified but has not responded or issued a patch, and no known exploits are currently active in the wild. The CVSS 4.0 vector (4.8 base score) reflects low attack complexity and low required privileges, with no user interaction needed, but limited scope and impact. This vulnerability is particularly relevant for environments where the IDnow app is used for identity verification or sensitive transactions on Android devices, as improper component export can undermine app security assumptions.

Potential Impact

For European organizations, especially those relying on IDnow for identity verification, onboarding, or compliance processes, this vulnerability could lead to unauthorized access or manipulation of identity verification workflows if an attacker gains local access to a device. This could result in fraudulent identity attestations or leakage of sensitive user data handled by the app. While the vulnerability requires local access and does not enable remote exploitation, the risk is non-negligible in environments where devices may be shared, lost, or compromised by malware. Organizations in sectors such as finance, telecommunications, and government that use IDnow for KYC (Know Your Customer) or eIDAS-compliant identity verification may face increased risk of fraud or regulatory non-compliance if this vulnerability is exploited. The lack of vendor response and patch availability increases the window of exposure. However, the medium severity and local access requirement limit the scale of impact compared to remote or network-exploitable vulnerabilities.

Mitigation Recommendations

Organizations should implement strict device management policies to prevent unauthorized local access to devices running the IDnow app, including enforcing device encryption, strong authentication, and mobile device management (MDM) solutions that restrict installation of untrusted apps. Users should be advised to avoid installing unknown or untrusted applications that could exploit this vulnerability locally. Network segmentation and endpoint protection can help detect and prevent lateral movement or malware that might leverage this vulnerability. Since no patch is currently available, organizations should monitor vendor communications for updates and consider alternative identity verification solutions if risk tolerance is low. Additionally, security teams can perform manual audits of the app’s exported components using tools like APK Analyzer or Android Studio to identify and block or restrict access to improperly exported components via custom security policies or app hardening techniques where feasible.

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-19T10:55:08.419Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687cefa2a83201eaac029405

Added to database: 7/20/2025, 1:31:14 PM

Last enriched: 7/20/2025, 1:46:06 PM

Last updated: 7/20/2025, 1:46:06 PM
