CVE-2025-8523
BaseFortify

Publication date: 2025-08-04

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-08-04
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-08-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: fruitcrush
Product: riderlike_fruit_crush_brain_app
Version / Range: 1.0
CWE ID: CWE-926
Description: The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8523 is a vulnerability in the RiderLike Fruit Crush-Brain App version 1.0 on Android. It arises from improper export of Android application components defined in the AndroidManifest.xml file, allowing other local applications to access or manipulate these components without proper restrictions. This can lead to task hijacking, where malicious apps inherit permissions from the vulnerable app and potentially steal sensitive information such as login credentials. The vulnerability affects all Android versions prior to Android 11 and can be exploited locally. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by allowing local attackers or malicious applications to hijack tasks within the Android operating system by exploiting improperly exported components. This can lead to unauthorized access to the app's data, manipulation of app behavior, and phishing attacks to steal login credentials. The confidentiality, integrity, and availability of the application and its data may be compromised. Since the exploit is publicly available and easy to execute, the risk is moderate. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the AndroidManifest.xml file of the RiderLike Fruit Crush-Brain App (com.fruitcrush.fun) for improperly exported components. Since the vulnerability involves improper export of application components, you can search for exported components in the manifest file. Additionally, Google hacking techniques such as searching for inurl:AndroidManifest.xml can help identify vulnerable targets. There is also a publicly available proof-of-concept exploit on GitHub that can be used to test for exploitation. Specific commands to inspect the manifest file on an Android device or APK include using 'aapt dump xmltree <apkfile> AndroidManifest.xml' or extracting the APK and examining the AndroidManifest.xml file for exported components with 'android:exported="true"'. [2, 1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include modifying the AndroidManifest.xml file of the affected app to prevent unauthorized export of components, specifically by setting 'android:exported' attributes to false or restricting access appropriately to prevent task hijacking. Since no official patch or countermeasure has been published by the vendor, it is recommended to replace the affected RiderLike Fruit Crush-Brain App with an alternative product that does not have this vulnerability. Limiting local access to the device and monitoring for suspicious activity can also help reduce risk. [1, 2]

