CVE-2025-25758

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 20, 2025
Updated: Apr 1, 2025
CWE ID 312

Summary

CVE-2025-25758 is a vulnerability discovered in KukuFM Android version 1.12.7 (11207). The app's AndroidManifest.xml sets android:allowBackup="true", a misconfiguration that gives attackers unrestricted access to sensitive cleartext data. Attackers can exploit this vulnerability to gain unauthorized access to the affected device, potentially leading to theft or manipulation of sensitive information. Users of KukuFM Android are urged to update to a patched version to mitigate this risk. The misconfigured android:allowBackup setting exposes data that should have been protected, providing attackers with an entry point into the device.
