CVE-2025-8207
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-26
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-26
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8207
EUVD
EUVD-2025-22802
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
canarabank ai1 6.3.23
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-926 The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
CWE-NVD-CWE-Other
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8207 is a Task Hijacking vulnerability in the Canara ai1 Mobile Banking App version 3.6.23 on Android. It occurs because the app improperly exports certain Android application components in its AndroidManifest.xml file without adequate restrictions. This allows malicious applications on the same device to hijack tasks or inherit permissions from the vulnerable app, potentially leading to phishing attacks to steal login credentials. Exploitation requires local access to the device and affects Android versions prior to Android 11. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by compromising the confidentiality, integrity, and availability of your banking app data and functions. Malicious apps can hijack tasks of the vulnerable banking app to steal sensitive information such as login credentials through phishing techniques. This can lead to unauthorized access to your banking information and potential financial loss. Since local access is required, an attacker must have some level of access to your device to exploit this vulnerability. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the AndroidManifest.xml file of the Canara ai1 Mobile Banking App (version 3.6.23) for improperly exported components that allow task hijacking. Additionally, vulnerable targets can be identified using Google hacking techniques by searching for exposed AndroidManifest.xml files. Since the exploit requires local access, checking the app's manifest for exported components without proper restrictions is key. Specific commands are not provided in the resources. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves modifying the AndroidManifest.xml configuration to prevent improper export of application components and task hijacking. Since the vendor has not responded and no official patches are available, consider replacing the affected component or product. Restricting exported components in the manifest to only those necessary and ensuring proper permissions can help mitigate the risk. [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart