CVE-2025-8524
BaseFortify
Publication date: 2025-08-04
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| boquan | dotwallet | 2.15.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8524 is a vulnerability in the Boquan DotWallet App version 2.15.2 for Android. It stems from improper export of Android application components defined in the AndroidManifest.xml file, which allows other applications to access or launch these components without proper restrictions. This can lead to task hijacking, where a malicious app can inherit permissions or manipulate tasks of the vulnerable app, potentially enabling phishing attacks or unauthorized access. Exploitation requires local access to the device and is considered moderately easy. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the Boquan DotWallet app on your Android device. A malicious local attacker could hijack tasks or inherit permissions from the vulnerable app, potentially leading to phishing attacks, unauthorized access to sensitive data, or manipulation of app behavior. Since the exploit requires local access, the attacker must have some level of access to your device. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing the AndroidManifest.xml file of the Boquan DotWallet App (version 2.15.2) on the device to check for improperly exported components that allow unauthorized access. Since the vulnerability involves improper exportation of application components, you can use Android debugging tools such as 'adb' to inspect the manifest and exported components. For example, you can use the command 'adb shell pm dump com.boquanhash.dotwallet' to list the app's components and their export status. Additionally, searching for exposed AndroidManifest.xml files via Google hacking techniques can help identify vulnerable targets. However, no specific detection commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves modifying the AndroidManifest.xml file of the Boquan DotWallet App to prevent improper exportation of components that enable task hijacking. Specifically, restrict or remove the 'exported' attribute on components that do not require external access to prevent unauthorized apps from hijacking tasks. Since no official patch or vendor response is available, it is also suggested to consider replacing the affected app with an alternative. Ensuring the device is running Android 11 or later may also help, as the vulnerability affects versions prior to Android 11. [2, 1]