YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack

A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats. 

The vulnerability, designated as CVE-2025-45080, affects version 1.23.36 of the YONO SBI: Banking & Lifestyle app and stems from insecure network configuration settings that allow unencrypted data transmission.

Summary
1. CVE-2025-45080 in YONO SBI app v1.23.36 allows unencrypted HTTP traffic due to insecure configuration settings.
2. Enables man-in-the-middle attacks where hackers can intercept and manipulate banking data during transmission.
3. Banking credentials, transactions, and personal data are vulnerable to theft, especially on public Wi-Fi networks.
4. Millions of SBI users at risk; experts advise avoiding the app on unsecured networks until patched.

SBI InTouch App Man-in-the-Middle Attacks

The vulnerability centers around the Android application’s manifest configuration, specifically the presence of android:usesCleartextTraffic="true" in the app’s AndroidManifest.xml file.

This setting explicitly allows the application to transmit data over unencrypted HTTP connections, contradicting modern security best practices for financial applications. 

The affected app package com.sbi.lotusintouch essentially bypasses Android’s default security mechanisms that were implemented to protect user data.

Security researcher Ishwar Kumar, who discovered the vulnerability, demonstrated that the flaw can be exploited through a relatively straightforward process. 

By decompiling the APK using tools like APKTool and examining the application manifest, researchers can confirm the presence of the insecure configuration. 

Network analysis tools such as Burp Suite or Wireshark can then intercept and monitor the unencrypted traffic flowing between the app and its servers.

The technical implications are severe, as this configuration violates Android’s security guidelines for apps targeting API level 28 (Android 9) or higher, where cleartext traffic is disabled by default. 
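
The manifest check described above can be automated in a release review. The following is an added example, not code from the original article or from the app's developers: it audits a decoded AndroidManifest.xml and goes one step further by also checking an optional network security config, which takes precedence over the manifest flag. The sample XML is constructed, and the function name and the target_sdk parameter (supplied by the caller) are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed samples for illustration; not taken from the real APK.
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true"/>
</manifest>"""
HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="false"
               android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""
STRICT_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
</network-security-config>"""
LEAKY_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""


def audit_cleartext(manifest_xml, nsc_xml=None, target_sdk=28):
    """Return findings describing where the app may send cleartext HTTP."""
    # Platform default: permitted when targeting API 27 or lower, blocked from 28.
    default = "true" if target_sdk <= 27 else "false"
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return ["manifest has no <application> element"]
    if nsc_xml is None:
        if app.get(ANDROID + "networkSecurityConfig"):
            return ["manifest references a network security config; audit that file too"]
        if app.get(ANDROID + "usesCleartextTraffic", default) == "true":
            return ["manifest: cleartext permitted for every host"]
        return []
    # A network security config takes precedence over the manifest flag (Android 7.0+).
    findings = []
    root = ET.fromstring(nsc_xml)
    base = root.find("base-config")
    if (base.get("cleartextTrafficPermitted", default) if base is not None else default) == "true":
        findings.append("base-config: cleartext permitted for every host")
    # Only explicit opt-ins are flagged; inherited values in nested configs are not resolved.
    for dc in root.iter("domain-config"):
        if dc.get("cleartextTrafficPermitted") == "true":
            hosts = ", ".join(d.text.strip() for d in dc.findall("domain") if d.text)
            findings.append(f"domain-config: cleartext permitted for {hosts}")
    return findings
```

An empty list means no cleartext opt-in was found in the files supplied; any finding is worth failing a build on for a financial app.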

The vulnerability creates multiple attack vectors, including eavesdropping on sensitive communications, data tampering during transmission, and most critically, man-in-the-middle (MITM) attacks, where malicious actors can position themselves between users and legitimate banking servers.

Risk Factors and Details

Affected Products:
- YONO SBI: Banking & Lifestyle
- Version: 1.23.36
- Package: com.sbi.lotusintouch
- Platform: Android

Impact:
- Banking credentials exposure
- Financial transaction data compromise
- Personal information theft
- Man-in-the-middle attack enablement

Exploit Prerequisites:
- Access to target device or network traffic
- APK decompilation tools (APKTool)
- Network analysis tools (Burp Suite/Wireshark)
- Position on same network as victim
- No authentication required

CVSS 3.1 Score: 8.8 (High)

Financial Data at High Risk

The cybersecurity community has classified this vulnerability as having a “High” impact rating, which is particularly concerning given the sensitive nature of banking applications. 

Financial institutions typically handle highly sensitive data, including personal identification information, account numbers, transaction details, and authentication credentials. 

When such data is transmitted over unencrypted channels, it becomes vulnerable to interception by cybercriminals operating on the same network infrastructure.

Man-in-the-middle attacks enabled by this vulnerability could allow attackers to capture login credentials, monitor financial transactions in real-time, and potentially manipulate transaction data before it reaches legitimate servers. 

Users connecting to public Wi-Fi networks or compromised network infrastructure would be at particularly high risk, as attackers could easily position themselves to intercept cleartext communications.

As digital banking continues to expand globally, vulnerabilities like CVE-2025-45080 underscore the critical need for financial institutions to prioritize security configuration reviews and implement comprehensive security testing procedures throughout their application development lifecycle.

SBI customers are advised to closely monitor their accounts and refrain from using the application on unsecured networks until a security patch is released.

The post YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack appeared first on Cyber Security News.

rssfeeds-admin
