CVE-2025-8275
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-28
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-28
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8275
EUVD
EUVD-2025-22900
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bsc peru_cocktails 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-926 The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8275 is a vulnerability in the bsc Peru Cocktails App 1.0.0 for Android caused by improper export of application components in the AndroidManifest.xml file. This flaw allows malicious applications on the same device to access or launch exported components without proper restrictions, enabling task hijacking. Through this, attackers can inherit the permissions of the vulnerable app and potentially phish login credentials by manipulating Android tasks. The vulnerability affects all Android versions prior to Android 11 and requires local access to exploit. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers with local access to your device to hijack tasks of the vulnerable app, potentially gaining unauthorized access to sensitive data or functionality. This can lead to phishing of login credentials and compromise of the confidentiality, integrity, and availability of the application. Since the exploit is publicly available and easy to execute, it poses a medium severity risk to affected users. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the AndroidManifest.xml file of the bsc Peru Cocktails App (package: bsc.devy.peru_cocktails) for improperly exported components. Since the exploit requires local access, detection involves checking the app's manifest for exported components without proper restrictions. Additionally, attackers may use Google hacking techniques such as searching for 'inurl:AndroidManifest.xml' to identify vulnerable targets. There is a publicly available proof-of-concept exploit on GitHub that can be reviewed for detection methods. Specific commands are not provided, but examining the manifest file using tools like 'adb shell' to pull the APK and 'aapt dump xmltree' or 'apktool' to analyze the manifest can help detect the issue. [2, 1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves modifying the AndroidManifest.xml file to prevent improper export of application components, thereby blocking task hijacking attacks. Specifically, restrict or remove the 'exported' attribute on components that do not require external access. Since no official countermeasures or patches are reported, replacing the affected component or the entire app with a secure alternative is recommended. Ensuring the app targets Android 11 or higher can also help, as the vulnerability impacts versions prior to Android 11. [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart