CVE-2025-5344

Summary

Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image.

This issue affects all versions before 1.1.2.

Affected Software

VendorProductVersion RangeStatus
Bluebirdcom.bluebird.kiosk.launcher0 < 1.1.2affected

Weaknesses

  • CWE-926: CWE-926 Improper Export of Android Application Components

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References