CVE-2025-7893
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-20
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: foresightnews
Product: foresight_news
Version / Range: to 2.6.4 (inc)
CWE
CWE-926: The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Foresight News App on Android (versions up to 2.6.4) is caused by improper export of application components due to incorrect settings in the AndroidManifest.xml file. This means the app exposes certain components to other apps without proper restrictions, allowing local attackers to potentially execute unauthorized code or actions within the app. It is classified under CWE-926 (Improper Export of Android Application Components) and can affect the app's confidentiality, integrity, and availability. [1]


How can this vulnerability impact me?

The vulnerability can impact you by compromising the confidentiality, integrity, and availability of the Foresight News App on your device. Since the app improperly exports components, a local attacker with access to your device could exploit this flaw to execute unauthorized actions, potentially accessing sensitive information, altering app data, or disrupting app functionality. The exploit is publicly available and considered easy to use, increasing the risk if your device is accessible locally. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the AndroidManifest.xml file of the Foresight News App (pro.foresightnews.appa) on affected Android devices (versions 2.6.0 through 2.6.4) for improperly exported components. Since the attack requires local access, you can extract and analyze the manifest file using Android debugging tools. For example, use the command `adb shell pm dump pro.foresightnews.appa | grep -i exported` to check for exported components. Additionally, you can pull the APK and use tools like `apktool` to decode the AndroidManifest.xml and manually inspect exported components. Vulnerable targets can also be found using Google dorking with queries like `inurl:AndroidManifest.xml` to locate exposed manifests online. [1]


What immediate steps should I take to mitigate this vulnerability?

No known mitigations or countermeasures have been published for this vulnerability. The recommended immediate step is to replace the Foresight News App with an alternative product that does not have this vulnerability. Additionally, restrict local access to the device to prevent exploitation, as the attack requires local access. Monitoring for suspicious local activity related to the app may also help reduce risk until a fix or update is available. [1]

