CVE-2025-65835
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-16
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cordova | cordova-plugin-x-socialsharing | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Cordova plugin cordova-plugin-x-socialsharing for Android version 6.0.4. The plugin registers an exported broadcast receiver that listens for SEND intents. The receiver's onReceive method accesses an intent extra called EXTRA_CHOSEN_COMPONENT without checking if it is null. If a broadcast is sent with extras but without this specific extra, the code dereferences a null value, causing a NullPointerException and crashing the host application. Because the receiver is exported and does not validate the sender or permissions, any local app on the device can send crafted broadcasts to trigger this crash repeatedly, resulting in a denial of service at the application level.
How can this vulnerability impact me? :
This vulnerability can be exploited by any local, unauthenticated application on the device to send specially crafted broadcasts that cause the host application (which includes the vulnerable plugin) to crash repeatedly. This leads to a local denial of service, disrupting the normal operation of the affected app and potentially degrading user experience or causing loss of functionality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for repeated crashes of applications that include the cordova-plugin-x-socialsharing plugin on Android devices. Specifically, look for crashes caused by NullPointerExceptions originating from the exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent when receiving android.intent.action.SEND intents without the EXTRA_CHOSEN_COMPONENT extra. On a rooted Android device or emulator, you can use logcat to detect such crashes with the command: `adb logcat | grep ShareChooserPendingIntent` or `adb logcat | grep NullPointerException`. Additionally, monitoring for unusual or repeated ACTION_SEND broadcasts sent to this exported receiver may indicate exploitation attempts. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating or patching the cordova-plugin-x-socialsharing plugin to a version where this vulnerability is fixed, if available. If an update is not available, consider removing or disabling the plugin to prevent exploitation. Additionally, as a workaround, restrict or monitor local applications from sending crafted ACTION_SEND broadcasts to the exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent. Implementing permission checks or caller validation in the receiver code can also mitigate the issue, but this requires modifying the plugin source. Since the plugin is actively maintained, checking the official GitHub repository for patches or updates is recommended. [1]