CVE-2025-5344
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-17

Last updated on: 2025-07-17

Assigner: CERT.PL

Description
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects all versions before 1.1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-17
Last Modified
2025-07-17
Generated
2026-05-27
AI Q&A
2025-07-17
EPSS Evaluated
2026-05-25
NVD
CVE-2025-5344
EUVD
EUVD-2025-21763
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
bluebird file_manager 1.3.6
bluebird file_manager 1.4.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-926 The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

Bluebird devices have a pre-installed kiosk application that exposes an unsecured service called "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can connect to this service and modify the device's global settings and wallpaper image without proper authorization.


How can this vulnerability impact me? :

This vulnerability allows a local attacker to change important device settings and the wallpaper image, potentially leading to unauthorized configuration changes, disruption of device operation, or misuse of the device's display for malicious purposes.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart