CVE-2025-7890
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-20
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7890
EUVD
EUVD-2025-22014
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dunamu stockplus to 7.62.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-926 The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7890 is a Task Hijacking vulnerability in the Dunamu StockPlus Android app (version 7.62.10 and earlier). It arises from improper export of Android application components in the AndroidManifest.xml file, allowing malicious local applications to inherit permissions from the StockPlus app. This enables attackers to manipulate or take over tasks within the Android OS, potentially phishing login credentials or accessing sensitive app functions. The vulnerability affects Android versions prior to Android 11 and requires changes to the AndroidManifest.xml to fix. [1, 2]


How can this vulnerability impact me? :

This vulnerability can compromise the confidentiality, integrity, and availability of the Dunamu StockPlus app on affected devices. Attackers exploiting it locally can hijack tasks, potentially steal login credentials, manipulate app behavior, or gain unauthorized access to app components. This can lead to unauthorized data access or manipulation, impacting user security and privacy. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the AndroidManifest.xml file of the Dunamu StockPlus app (version 7.62.10 and earlier) for improperly exported components. Additionally, attackers can identify vulnerable targets using Google hacking techniques to search for exposed AndroidManifest.xml files. Since the exploit is local and involves Android app components, commands to analyze the APK manifest such as 'aapt dump xmltree <app.apk> AndroidManifest.xml' or using 'apktool' to decode the APK and inspect the manifest can be used to detect improperly exported components. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves modifying the AndroidManifest.xml configuration to prevent improper export of application components. Since the vendor has not provided a fix or response, consider replacing the affected Dunamu StockPlus app with an alternative. Avoid installing or running the vulnerable versions (up to 7.62.10) on devices, and restrict local access to the app to prevent exploitation. [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart