CVE-2025-7890
Published: 20 July 2025
Summary
CVE-2025-7890 is a low-severity Improper Export of Android Application Components (CWE-926) vulnerability in Dunamu Stockplus. Its CVSS base score is 1.9 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 29.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22014
Vulnerability details
A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper…
more
export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The improper export of Android application components (CWE-926) allows local malicious apps to exploit the vulnerability by sending unrestricted intents, facilitating client-side code execution (T1203) and potential privilege escalation (T1068) if the app holds sensitive permissions.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.