CVE ID: CVE-2025-61121
Vulnerability type: Credential Leakage
Product: Mobile Scanner (Android App)
**Package Name: **com.glority.everlens
Version: 2.12.38
Vendor: Glority Global Group Limited
<aside> 💡
NOTE: We reported this issue via email on 2025-09-05. After more than 45 days without any response or remediation from the vendor, we are publishing this report on 2025-10-20 out of concern for transparency and user security. We remain open to cooperating with the vendor should they choose to respond in the future.
</aside>
The GET /api/v3/storage/get_upload_config endpoint leaks cloud service credentials, which could lead to sensitive information disclosure and abuse of cloud resources.