CVE ID: CVE-2025-61116
Vulnerability type: Incorrect Access Control
Product: AdForest - Classified (Android App)
**Package Name: **scriptsbundle.adforest
Version: 4.0.12
Vendor: Muhammad Jawad Arshad
<aside> 💡
NOTE: We reported this issue via email on 2025-09-05. After more than 45 days without any response or remediation from the vendor, we are publishing this report on 2025-10-20 out of concern for transparency and user security. We remain open to cooperating with the vendor should they choose to respond in the future.
</aside>
The authorization field used for authentication in the app is actually the email address encoded in Base64. By tampering with this field, an attacker can gain unauthorized access to any account with a known email address.