PT-2025-12378 · Unknown · Kukufm Android

Published

2025-03-20

Updated

2025-03-22

CVE-2025-25758

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions KukuFM Android version 1.12.7

Description The issue allows attackers to access sensitive cleartext data through the android:allowBackup="true" setting in the AndroidManifest.xml file. This setting potentially exposes data to unauthorized access.

Recommendations For KukuFM Android version 1.12.7, consider setting android:allowBackup="false" in the AndroidManifest.xml file to prevent unauthorized access to sensitive data. As a temporary workaround, restrict access to the app's data storage to minimize the risk of exploitation.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2025-25758

Affected Products

Kukufm Android

PT-2025-12378 · Unknown · Kukufm Android

CVE-2025-25758

Weakness Enumeration

Related Identifiers

Affected Products

References · 9