CVE-2025-7890

Summary

A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
DunamuStockPlus App7.62.0affected
DunamuStockPlus App7.62.1affected
DunamuStockPlus App7.62.2affected
DunamuStockPlus App7.62.3affected
DunamuStockPlus App7.62.4affected
DunamuStockPlus App7.62.5affected
DunamuStockPlus App7.62.6affected
DunamuStockPlus App7.62.7affected
DunamuStockPlus App7.62.8affected
DunamuStockPlus App7.62.9affected
DunamuStockPlus App7.62.10affected

Weaknesses

  • CWE-926: Improper Export of Android Application Components

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References