Cyber Resilience

CVE-2025-7890

LowPublic PoC

Published: 20 July 2025

Published
20 July 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0012 29.9th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7890 is a low-severity Improper Export of Android Application Components (CWE-926) vulnerability in Dunamu Stockplus. Its CVSS base score is 1.9 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 29.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper…

more

export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The improper export of Android application components (CWE-926) allows local malicious apps to exploit the vulnerability by sending unrestricted intents, facilitating client-side code execution (T1203) and potential privilege escalation (T1068) if the app holds sensitive permissions.

Affected Assets

dunamu
stockplus
≤ 7.62.10

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References