SBI

A significant security flaw identified in the YONO SBI banking application exposes millions of users to cybersecurity threats. The vulnerability, CVE-2025-45080, affects version 1.23.36 of the app, allowing unencrypted data transmission due to insecure network configuration settings. This enables man-in-the-middle attacks, putting banking credentials, transactions, and personal data at risk of theft, especially on public Wi-Fi networks.

Source: https://cybersecuritynews.com/yono-sbi-banking-app-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/state-bank-of-india

"id": "sta613070225",
"linkid": "state-bank-of-india",
"type": "Vulnerability",
"date": "7/2025",
"severity": "50",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Millions of SBI users',
                        'industry': 'Banking',
                        'name': 'State Bank of India (SBI)',
                        'type': 'Financial Institution'}],
 'attack_vector': 'Man-in-the-middle (MITM) attacks',
 'customer_advisories': 'Advisory to customers to avoid using the app on '
                        'unsecured networks until patched',
 'data_breach': {'data_encryption': 'None',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Banking credentials',
                                              'Financial transaction data',
                                              'Personal information']},
 'description': 'A significant security flaw identified in the YONO SBI '
                'banking application allows unencrypted data transmission, '
                'potentially exposing millions of users to cybersecurity '
                'threats. The vulnerability, designated as CVE-2025-45080, '
                'affects version 1.23.36 of the app and stems from insecure '
                'network configuration settings.',
 'impact': {'data_compromised': ['Banking credentials',
                                 'Financial transaction data',
                                 'Personal information'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': ['YONO SBI: Banking & Lifestyle app v1.23.36']},
 'initial_access_broker': {'entry_point': 'Insecure network configuration '
                                          'settings in AndroidManifest.xml',
                           'high_value_targets': ['Banking credentials',
                                                  'Financial transaction data',
                                                  'Personal information']},
 'lessons_learned': 'Prioritize security configuration reviews and implement '
                    'comprehensive security testing procedures throughout the '
                    'application development lifecycle.',
 'motivation': 'Data theft, financial fraud',
 'post_incident_analysis': {'root_causes': 'Insecure network configuration '
                                           'settings'},
 'recommendations': 'Avoid using the application on unsecured networks until a '
                    'security patch is released.',
 'response': {'communication_strategy': 'Advisory to customers to avoid using '
                                        'the app on unsecured networks until '
                                        'patched'},
 'title': 'CVE-2025-45080 in YONO SBI Banking App',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'CVE-2025-45080'}