Platform
android
Component
health-module
Fixed in
5.3.1
CVE-2025-15567 describes an Information Disclosure vulnerability affecting the Health Module. This vulnerability allows for partial information exposure, potentially compromising user data. The issue impacts versions of the Health Module prior to 5.3.0.0. A fix is available in version 5.3.0.0.
The Information Disclosure vulnerability in the Health Module allows an attacker to potentially access sensitive data. While the description specifies 'partial information disclosure,' the exact nature of the data exposed is not detailed. Depending on the data handled by the Health Module, this could range from benign metadata to personally identifiable information (PII) or even health-related data. The impact is amplified if the module is integrated with other systems, as the attacker could potentially leverage the disclosed information for further attacks, such as identity theft or social engineering. The blast radius depends entirely on the data the module processes and stores.
CVE-2025-15567 was publicly disclosed on 2026-02-27. There is no indication of active exploitation or a KEV listing at the time of writing. Public proof-of-concept (POC) code is currently unavailable. The EPSS score is pending evaluation.
Exploit Status
EPSS
0.01% (0% percentile)
CISA SSVC
The primary mitigation for CVE-2025-15567 is to upgrade the Health Module to version 5.3.0.0 or later. If upgrading immediately is not feasible, consider implementing temporary workarounds to limit data exposure. This might involve restricting access to the Health Module's data, implementing stricter input validation, or disabling potentially vulnerable features. Monitor logs for any unusual access patterns or data exfiltration attempts. After upgrading, confirm the fix by verifying that the module no longer exposes sensitive information through the previously vulnerable pathways.
Update the Health Module to version 5.3.0.0 or higher. This update addresses data protection vulnerabilities that could lead to partial information disclosure. See the vendor security advisory for more details.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-15567 is an Information Disclosure vulnerability in the Health Module, allowing partial data exposure before version 5.3.0.0. It poses a risk to user privacy and data security.
Yes, if you are using the Health Module in your Android application and are running a version prior to 5.3.0.0, you are potentially affected by this vulnerability.
Upgrade the Health Module to version 5.3.0.0 or later to resolve this vulnerability. If immediate upgrade is not possible, implement temporary workarounds to limit data exposure.
There is currently no evidence of active exploitation of CVE-2025-15567, but continuous monitoring is recommended.
Refer to the vendor's official advisory for detailed information and updates regarding CVE-2025-15567 and the Health Module.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your build.gradle file and we'll tell you instantly if you're affected.