A critical security flaw (CVE-2025-45080) in the YONO SBI app version 1.23.36 exposes users to man-in-the-middle attacks due to its use of unencrypted HTTP traffic. The vulnerability, caused by enabling cleartext communication in the app’s configuration, allows attackers to intercept or manipulate sensitive banking data. Users are advised to avoid the app until a secure update is released.