
CVE-2025-46018 PoC — Opay Mobile application Security Vulnerability

Source
Associated Vulnerability
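Title: Opay Mobile application Security Vulnerability (CVE-2025-46018)
Description: Opay Mobile application is a lightweight application from Opay for managing all banking or payment needs. Opay Mobile application version 2.19.4 contains a security vulnerability that stems from allowing users to bypass payment authorization by disabling Bluetooth at a specific moment during a transaction, which may lead to unauthorized use of laundry services and financial loss.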
Description
Disclosure of CVE-2025-46018: A Bluetooth-based payment bypass vulnerability in CSC Pay Mobile App v2.19.4
Readme
# CVE-2025-46018 – CSC Pay Mobile App Payment Authentication Bypass

## Summary

A **payment authentication bypass vulnerability** was discovered in the CSC Pay Mobile App, affecting version **2.19.4**. The flaw allowed an attacker to initiate a payment, disable Bluetooth at a specific point in the process, and activate a laundry machine **without being charged**.

This issue has been responsibly disclosed and is now tracked as **CVE-2025-46018**.

---

## Affected Product

- **Product**: CSC Pay Mobile App  
- **Version**: 2.19.4 (fixed in version 2.20.0)  
- **Component**: Bluetooth payment authentication module  
- **Vendor**: CSC ServiceWorks

---

## Vulnerability Type

- CWE-284: Improper Access Control  
- CVSS (estimated): Medium severity  
- Exploit type: Local – requires proximity to the machine

---

## Attack Vector (High-Level)

1. The attacker initiates a payment via the mobile app and scans the QR code on a laundry machine.
2. Before the app completes Bluetooth authentication and charges the user, Bluetooth is intentionally disabled.
3. The machine starts the cycle despite no transaction being completed.

**Impact**: Unauthorized use of machines without payment, potential revenue loss, and abuse in public/shared environments.
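
For defenders, the design property that prevents this class of failure is that the machine fails closed: a cycle starts only on proof that the charge settled, and a dropped link aborts the session. The sketch below is an added illustration, not code from CSC ServiceWorks or this repository; the controller class, the HMAC receipt format, the key, and the machine ID are all hypothetical, since the real protocol is not disclosed here.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real deployment would provision a per-machine secret.
MACHINE_KEY = b"constructed-demo-key"


def sign_receipt(key: bytes, machine_id: str, nonce: str, amount_cents: int) -> str:
    """Backend side (hypothetical): issued only after the charge has settled."""
    msg = f"{machine_id}|{nonce}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class MachineController:
    """Hypothetical laundry-machine controller that fails closed."""

    def __init__(self, machine_id: str, key: bytes):
        self.machine_id = machine_id
        self._key = key
        self._nonce = None
        self.running = False

    def begin_session(self) -> str:
        # A fresh nonce per session binds the receipt to this attempt (no replay).
        self._nonce = secrets.token_hex(16)
        return self._nonce

    def link_lost(self) -> None:
        # A dropped Bluetooth link aborts the session; it never starts the cycle.
        self._nonce = None

    def start_cycle(self, amount_cents: int, receipt: str) -> bool:
        # Start only on a valid backend receipt for the currently open session.
        if self._nonce is None:
            return False
        expected = sign_receipt(self._key, self.machine_id, self._nonce, amount_cents)
        if not hmac.compare_digest(expected, receipt):
            return False
        self._nonce = None  # one receipt, one cycle
        self.running = True
        return True


def simulate(drop_link_before_charge: bool) -> bool:
    """Return whether the machine started, with or without a mid-session link drop."""
    m = MachineController("washer-07", MACHINE_KEY)  # constructed machine ID
    nonce = m.begin_session()
    if drop_link_before_charge:
        m.link_lost()
        return m.start_cycle(250, "")  # no receipt exists: charge never settled
    return m.start_cycle(250, sign_receipt(MACHINE_KEY, "washer-07", nonce, 250))
```
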

---

## Timeline

| Date            | Event                                      |
|-----------------|--------------------------------------------|
| April 13, 2025  | Vulnerability discovered                   |
| April 16, 2025  | Reported to CSC ServiceWorks               |
| June 4, 2025    | CVE-2025-46018 assigned by MITRE           |
| July 2025       | Vendor acknowledged issue fixed            |
| Version 2.20.0  | Issue resolved in app update               |

---

## Acknowledgment

**Discoverer**: Niranjan Gaire  
- [CSC ServiceWorks Security Hall of Fame](https://www.cscsw.com/disclosure-process/)  
- [MITRE CVE Record – CVE-2025-46018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46018) 

---

## Disclaimer

This repository is for documentation and responsible disclosure purposes only.  
**No exploit code or reproduction steps will be shared publicly.**
