CVE-2025-5345
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-07-17
Assigner: CERT.PL
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bluebird | file_manager | 1.3.6 |
| bluebird | file_manager | 1.4.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Bluebird devices' pre-loaded file manager application, which exposes an unsecured service called "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can connect to this service and use it to copy and delete arbitrary files on the device's storage with system-level permissions.
How can this vulnerability impact me?
An attacker with local access to the device could exploit this vulnerability to copy or delete any files on the device with system-level permissions, potentially leading to data loss, unauthorized data access, or system compromise.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately downgrade or revert the Bluebird device's file manager application from version 1.4.4 to the older, non-vulnerable version 1.3.6 as recommended by the vendor.
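For auditing other pre-loaded applications for the same weakness class (CWE-926), the following added example, which is not code from the vendor or from this advisory, flags exported services, activities and receivers that declare no permission. It assumes the manifest has already been decoded to text XML; the sample manifest, the package name, the permission name and every component except the service named above are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("service", "activity", "receiver")

# Constructed sample manifest (not extracted from the Bluebird app); only the
# first service name comes from the advisory text above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager">
  <application>
    <service android:name="com.bluebird.system.koreanpost.IsdcardRemoteService"
        android:exported="true"/>
    <service android:name=".LegacySyncService">
      <intent-filter><action android:name="com.example.SYNC"/></intent-filter>
    </service>
    <service android:name=".GuardedService" android:exported="true"
        android:permission="com.example.permission.BIND_GUARDED"/>
    <service android:name=".InternalService" android:exported="false"/>
    <activity android:name=".SettingsActivity"/>
  </application>
</manifest>"""

def unprotected_exported_components(manifest_xml):
    """Return (tag, name, reason) for exported components with no permission."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for app in root.iter("application"):
        # A permission on <application> applies to every component inside it.
        app_permission = app.get(ANDROID + "permission")
        for comp in app:
            if comp.tag not in COMPONENTS:
                continue
            exported = comp.get(ANDROID + "exported")
            if exported is None:
                # Before targetSdk 31, an intent-filter implies exported=true.
                if comp.find("intent-filter") is None:
                    continue
                reason = "implicitly exported via intent-filter"
            elif exported.lower() == "true":
                reason = "explicitly exported"
            else:
                continue
            if comp.get(ANDROID + "permission") or app_permission:
                continue
            findings.append((comp.tag, comp.get(ANDROID + "name"), reason))
    return findings

if __name__ == "__main__":
    for tag, name, reason in unprotected_exported_components(SAMPLE_MANIFEST):
        print(f"[CWE-926] {tag} {name}: {reason}, no android:permission")
```

A component that passes this check can still be reachable if its permission is declared with a `normal` protection level, so review the matching `<permission>` declaration as well.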