Cyber Posture

CVE-2025-25758

HighPublic PoC

Published: 20 March 2025

Published
20 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0013 31.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25758 is a high-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Kukufm Kukufm. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 31.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-19 (Access Control for Mobile Devices) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

CM-6 Configuration Settings good match
prevent

Enforces secure configuration settings such as setting android:allowBackup="false" in AndroidManifest.xml to prevent unauthorized backup extraction of sensitive data.

SC-28 Protection of Information at Rest good match
prevent

Implements cryptographic protection for sensitive information at rest, ensuring data remains confidential even if accessed via enabled Android backup functionality.

AC-19 Access Control for Mobile Devices good match
prevent

Establishes usage restrictions and access controls for mobile devices, including disabling unnecessary backup features and encrypting sensitive app data.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

The vulnerability's allowBackup=true setting combined with cleartext storage of sensitive data directly enables extraction of application data from local storage via Android backup, facilitating T1005 Data from Local System for collection of sensitive information.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml

Deeper analysisAI

CVE-2025-25758, published on 2025-03-20, affects the KukuFM Android application version 1.12.7 (build 11207). The vulnerability arises from the android:allowBackup="true" attribute in the AndroidManifest.xml file, which enables attackers to access sensitive data stored in cleartext. It is classified under CWE-312 (Cleartext Storage of Sensitive Information) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.

Any network-accessible attacker can exploit this issue without authentication, privileges, or user interaction. By leveraging Android's backup functionality, they can extract and access the application's sensitive cleartext data, potentially exposing user information or other confidential content stored locally.

Advisories and additional details are referenced at https://pastebin.com/0cb0KsGS.

Details

CWE(s)
CWE-312

Affected Products

kukufm
kukufm
1.12.7

CVEs Like This One

CVE-2025-26495Shared CWE-312
CVE-2026-34833Shared CWE-312
CVE-2024-55928Shared CWE-312
CVE-2025-22896Shared CWE-312
CVE-2025-27685Shared CWE-312
CVE-2026-33867Shared CWE-312
CVE-2026-27520Shared CWE-312
CVE-2026-27877Shared CWE-312
CVE-2024-23942Shared CWE-312
CVE-2019-25279Shared CWE-312

References