CVE-2025-9098
BaseFortify
Publication date: 2025-08-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elseplus | file_recovery | 4.4.21 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9098 is a vulnerability in the Elseplus File Recovery App version 4.4.21 on Android caused by improper export of Android application components in the AndroidManifest.xml file. This misconfiguration allows malicious local applications to hijack tasks and inherit the permissions of the vulnerable app. Essentially, attackers can manipulate Android tasks to perform unauthorized actions, commonly used in phishing attacks to steal login credentials. The vulnerability affects all Android versions prior to Android 11. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a malicious local application to hijack tasks from the vulnerable app and inherit its permissions. This can lead to phishing attacks where attackers steal victims' login credentials. It impacts the confidentiality, integrity, and availability of data handled by the app. Since exploitation is easy and a proof-of-concept is publicly available, attackers can readily exploit this vulnerability if they have local access to the device. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability impacts confidentiality, integrity, and availability of data, which are core principles in standards like GDPR and HIPAA. Unauthorized access to sensitive data through task hijacking could lead to data breaches, violating these regulations. Therefore, this vulnerability poses a risk to compliance with such standards by potentially exposing personal or protected health information. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the AndroidManifest.xml file of the Elseplus File Recovery App version 4.4.21 for improperly exported Android application components. Additionally, Google hacking techniques such as searching for inurl:AndroidManifest.xml can help identify vulnerable targets. Since the attack requires local access, checking the app package com.elseplus.filerecovery on devices running Android versions prior to Android 11 is recommended. Specific commands are not provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves modifying the AndroidManifest.xml file to properly restrict the export of Android application components, preventing unauthorized task hijacking. Since no vendor response or patch is available, it is suggested to replace the affected Elseplus File Recovery App version 4.4.21 with an alternative product to avoid exploitation. [1, 2]