CVE-2025-25758
Published: 20 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-25758, published on 2025-03-20, affects the KukuFM Android application version 1.12.7 (build 11207). The vulnerability arises from the android:allowBackup="true" attribute in the AndroidManifest.xml file, which enables attackers to access sensitive data stored in cleartext. It is classified under CWE-312 (Cleartext Storage of Sensitive Information) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.
Any attacker with network access can exploit this issue without authentication, privileges, or user interaction. By leveraging Android's backup functionality, they can extract and access the application's sensitive cleartext data, potentially exposing user information or other confidential content stored locally.
Advisories and additional details are referenced at https://pastebin.com/0cb0KsGS.
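A defender-side check for the manifest setting described above, added here as an example (it is not code from the advisory or from the application): it reads a text-form AndroidManifest.xml and reports whether backup is enabled, counting a missing android:allowBackup as enabled because that is the platform default. Assumptions: the manifest has already been decoded from the APK's binary form, the helper name audit_backup is hypothetical, and the sample manifests with their com.example.* package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
RULE_ATTRS = ("fullBackupContent", "dataExtractionRules")

def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def audit_backup(manifest_xml):
    """Return the backup posture declared by a decoded manifest (hypothetical helper)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    raw = _attr(app, "allowBackup")
    # Missing attribute means backup is allowed (platform default). Anything
    # other than a literal "false", e.g. a @bool/ resource reference, is
    # treated as enabled so that a person looks at it.
    enabled = raw is None or raw.strip().lower() != "false"
    rules = [a for a in RULE_ATTRS if _attr(app, a) is not None]
    if not enabled:
        verdict = "ok"
    elif rules:
        verdict = "review"  # backup on; check that the rules exclude secrets
    else:
        verdict = "fail"    # backup on, nothing excluded
    return {"package": root.get("package"), "enabled": enabled,
            "explicit": raw is not None, "rules": rules, "verdict": verdict}

def _manifest(package, app_attrs):
    """Build a constructed sample manifest for the demo below."""
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f'<application {app_attrs}/></manifest>')

# Constructed samples, not taken from any real application.
SAMPLES = [
    _manifest("com.example.weak", 'android:allowBackup="true"'),
    _manifest("com.example.default", 'android:label="demo"'),
    _manifest("com.example.rules", 'android:allowBackup="true" '
              'android:fullBackupContent="@xml/backup_rules"'),
    _manifest("com.example.fixed", 'android:allowBackup="false"'),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        r = audit_backup(xml_text)
        print(f'{r["package"]:22} {r["verdict"]:7} explicit={r["explicit"]}')
```

A "review" verdict only means backup rules are declared; whether they actually exclude the files holding sensitive data still has to be checked in the referenced XML resource.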
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability's allowBackup=true setting combined with cleartext storage of sensitive data directly enables extraction of application data from local storage via Android backup, facilitating T1005 Data from Local System for collection of sensitive information.