CVE-2025-5500
BaseFortify
Publication date: 2025-09-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zhenshi | mibro_fit_app | 1.6.3.17499 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5500 is a vulnerability in the ZhenShi Mibro Fit Android app version 1.6.3.17499 caused by improper export of Android application components in the AndroidManifest.xml file. This flaw allows malicious local attackers to hijack tasks by exploiting these improperly exported components, enabling them to inherit the app's permissions and potentially manipulate or take over Android tasks. This can be used for phishing attacks to steal user login credentials. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a malicious app with local access to your device to hijack tasks of the vulnerable app, inherit its permissions, and potentially steal sensitive information such as login credentials. It affects the confidentiality, integrity, and availability of the application, making it possible for attackers to perform phishing attacks and manipulate app behavior. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by analyzing the AndroidManifest.xml file of the Mibro Fit App (com.xiaoxun.xunoversea.mibrofit) version 1.6.3.17499 to check for improperly exported components. Since the exploit requires local access, detection involves inspecting the app's manifest for exported components without adequate restrictions. Additionally, attackers may use Google hacking techniques to find exposed AndroidManifest.xml files. Specific commands are not provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves modifying the AndroidManifest.xml configuration to prevent improper export of components, thereby blocking unauthorized task hijacking. However, no effective countermeasures or mitigations are currently known from the vendor, who did not respond. It is suggested to consider replacing the affected app with an alternative product to avoid exploitation. [1, 2]