关键漏洞信息 漏洞概述 漏洞编号: JVN#35290164 标题: "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly 发布日期: 2025/09/05 最后更新日期: 2025/09/05 影响产品 "Yahoo! Shopping" App for Android versions prior to 14.15.0 描述 漏洞类型: Improper authorization in handler for custom URL scheme (CWE-939) CVSS评分: - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SE:N/SA:N Base Score 5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:E/L:A/N Base Score 4.3 CVE编号: CVE-2025-41408 影响 A remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack. 解决方案 更新应用: Update the application to the latest version according to the information provided by the developer. 厂商状态 厂商: LY Corporation 状态: Vulnerable 最后更新: 2025/09/05 报告者 Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.