CVE-2025-8707

Exploit

EPSS 0.02%
Veröffentlicht 08.08.2025 02:02:06
Zuletzt bearbeitet 16.09.2025 18:27:52
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huuugegames ≫ Huuge Box Version1.0.3 SwPlatformandroid

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-926 Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

https://vuldb.com/?id.319137

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.319137

VDB Entry

Permissions Required

https://vuldb.com/?submit.619858

Third Party Advisory

VDB Entry

https://github.com/KMov-g/androidapps/blob/main/com.huuge.game.zjbox.md

Third Party Advisory

Exploit