CVE-2025-7891
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| instantbits | web_video_cast | up to 5.12.4 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7891 is a vulnerability in the InstantBits Web Video Cast App for Android (up to version 5.12.4) caused by improper export of Android application components in the AndroidManifest.xml file. This flaw allows malicious local applications to hijack tasks and inherit the permissions of the vulnerable app by manipulating or taking over Android tasks. This can be exploited to perform phishing attacks and steal login credentials. The vulnerability affects confidentiality, integrity, and availability of the app and requires local access to the device to exploit. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing a malicious local application to hijack the tasks of the vulnerable app and inherit its permissions. This can lead to phishing attacks where attackers steal your login credentials or other sensitive information. It compromises the confidentiality, integrity, and availability of the application, potentially exposing your data and disrupting app functionality. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for exposed AndroidManifest.xml files related to the vulnerable app using Google hacking techniques, specifically by searching for inurl:AndroidManifest.xml. Additionally, checking the installed version of the InstantBits Web Video Cast App on Android devices to see if it is version 5.12.4 or earlier can help identify vulnerable systems. Since the exploit requires local access, inspecting the AndroidManifest.xml file of the app for improperly exported components can also be done. No specific commands are provided, but using adb (Android Debug Bridge) commands such as 'adb shell pm list packages' to find the package com.instantbits.cast.webvideo and 'adb shell dumpsys package com.instantbits.cast.webvideo' to inspect exported components may be useful. [2, 1]
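One way to carry out the manifest inspection described above, as an added example that is not part of the original page or the vendor's code: it reads a decoded AndroidManifest.xml (for instance the text form produced by a tool such as apktool) and lists components that are exported without a permission requirement, the condition CWE-926 describes. The manifest and the package name com.example.player are constructed; the default-export rule assumes an app targeting below API 31, and providers with no explicit attribute are assumed not exported (API 17 and later).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed manifest for a hypothetical package; not taken from the affected app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.player">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".LoginActivity" android:exported="true"/>
    <activity android:name=".ShareActivity">
      <intent-filter><action android:name="android.intent.action.SEND"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.player.permission.SYNC"/>
    <receiver android:name=".InternalReceiver" android:exported="false"/>
  </application>
</manifest>"""

def is_exported(elem):
    """Explicit android:exported wins. Without it, a non-provider component that
    declares an intent-filter is exported by default (apps targeting below API 31)."""
    explicit = elem.get(ANDROID + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return elem.tag != "provider" and elem.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return (tag, name, note) for exported components with no permission guard."""
    app = ET.fromstring(xml_text).find("application")
    app_perm = app.get(ANDROID + "permission")  # inherited by components that set none
    findings = []
    for elem in app:
        guarded = elem.get(ANDROID + "permission") or app_perm
        if elem.tag not in COMPONENTS or not is_exported(elem) or guarded:
            continue  # not a component, not exported, or callers need a permission
        categories = {c.get(ANDROID + "name") for c in elem.iter("category")}
        note = "launcher entry point" if LAUNCHER in categories else "reachable by any app"
        findings.append((elem.tag, elem.get(ANDROID + "name"), note))
    return findings

if __name__ == "__main__":
    for tag, name, note in audit_manifest(SAMPLE_MANIFEST):
        print(f"{tag:9} {name:18} {note}")
```

A launcher activity has to be exported to be started from the home screen, so that entry is informational; the other findings are the ones to review against the app's intended inter-app surface.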
What immediate steps should I take to mitigate this vulnerability?
There are no known mitigations or countermeasures published for this vulnerability. The recommended immediate step is to replace the affected InstantBits Web Video Cast App (versions 5.12.0 through 5.12.4) with an alternative product. Since the vulnerability arises from improper export of Android application components in the AndroidManifest.xml file, modifying this file could mitigate the issue, but no official fix or patch is available. Users should avoid local exploitation by restricting local access to the device and uninstalling the vulnerable app. [2]