PT-2025-29905 · Bluebird · Bluebird Devices
Szymon Chadam · Published 2025-07-17 · Updated 2025-07-18
CVE-2025-5344
CVSS v4.0: 8.5 High
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Bluebird devices versions prior to 1.1.2
Description
Bluebird devices contain a pre-loaded kiosk application that exposes an unsecured service provider, com.bluebird.kiosk.launcher.IpartnerKioskRemoteService. A local attacker can bind to the AIDL-type service to modify the device’s global settings and wallpaper image.
Recommendations
Bluebird devices versions prior to 1.1.2: Update to version 1.1.2 or later to resolve the issue.
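An added example (not Bluebird's code and not part of the advisory): one way to audit a decoded AndroidManifest.xml for the class of exposure described above, a service that is exported without a signature-level permission. The sample manifest is constructed; its package name is assumed from the service class name, and the com.example.* permissions and the other service names are hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest, not taken from Bluebird firmware. The package name is
# assumed from the service class in the advisory; com.example.* names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.bluebird.kiosk.launcher">
  <permission android:name="com.example.KIOSK_ADMIN" android:protectionLevel="signature"/>
  <permission android:name="com.example.WEAK" android:protectionLevel="normal"/>
  <application>
    <service android:name=".IpartnerKioskRemoteService" android:exported="true"/>
    <service android:name=".ImplicitService">
      <intent-filter><action android:name="com.example.BIND"/></intent-filter>
    </service>
    <service android:name=".WeakService" android:exported="true" android:permission="com.example.WEAK"/>
    <service android:name=".GuardedService" android:exported="true" android:permission="com.example.KIOSK_ADMIN"/>
    <service android:name=".PrivateService" android:exported="false"/>
  </application>
</manifest>"""

def unprotected_services(manifest_xml):
    """Map each service that any installed app can bind to onto the reason."""
    root = ET.fromstring(manifest_xml)
    # Protection level of every permission the manifest declares (default: normal).
    levels = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
              for p in root.findall("permission")}
    app = root.find("application")
    findings = {}
    for svc in app.findall("service"):
        exported = svc.get(A + "exported")
        if exported is None:
            # No explicit value: an intent-filter implied exported before Android 12.
            exported = "true" if svc.find("intent-filter") is not None else "false"
        if exported != "true":
            continue
        perm = svc.get(A + "permission") or app.get(A + "permission")
        if perm is None:
            findings[svc.get(A + "name")] = "exported, no android:permission"
        elif "signature" not in levels.get(perm, ""):
            findings[svc.get(A + "name")] = "permission not declared signature-level here: " + perm
    return findings

if __name__ == "__main__":
    for name, reason in unprotected_services(SAMPLE_MANIFEST).items():
        print(name, "->", reason)
```

A permission defined outside the audited manifest (for example by the platform) is reported as well, so confirm its protection level separately before treating the finding as real.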
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Bluebird Devices