Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-925 — Vulnerability Class 3

3 vulnerabilities classified as CWE-925. AI Chinese analysis included.

CWE-925 represents a critical security weakness in Android applications where a Broadcast Receiver fails to validate the origin of incoming Intents. This vulnerability typically arises when developers register receivers for implicit system intents without verifying that the sender is an authorized entity, such as the operating system itself. Attackers exploit this by crafting malicious Intents with identical action strings to impersonate legitimate system broadcasts, tricking the application into executing unintended logic or accessing sensitive data. To mitigate this risk, developers must strictly enforce intent verification by checking the sender’s package name or user ID against a whitelist of trusted sources. Additionally, utilizing explicit intents or registering receivers with specific permissions ensures that only authorized applications can trigger critical system events, thereby preventing unauthorized interception and potential privilege escalation attacks within the Android ecosystem.

MITRE CWE Description
The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source. Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.
Common Consequences (1)
IntegrityGain Privileges or Assume Identity
Another application can impersonate the operating system and cause the software to perform an unintended action.
Mitigations (1)
Architecture and DesignBefore acting on the Intent, check the Intent Action to make sure it matches the expected System action.
Examples (1)
The following example demonstrates the weakness.
<manifest package="com.example.vulnerableApplication"> <application> ... <receiver android:name=".ShutdownReceiver"> <intent-filter> <action android:name="android.intent.action.ACTION_SHUTDOWN" /> </intent-filter> </receiver> ... </application> </manifest>
Bad · XML
... IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN); BroadcastReceiver sReceiver = new ShutDownReceiver(); registerReceiver(sReceiver, filter); ... public class ShutdownReceiver extends BroadcastReceiver { @Override public void onReceive(final Context context, final Intent intent) { mainActivity.saveLocalData(); mainActivity.stopActivity(); } }
Bad · Java
CVE IDTitleCVSSSeverityPublished
CVE-2026-33173 Rails Active Storage has possible content type bypass via metadata in direct uploads — activestorage 8.1 -2026-03-23
CVE-2024-10576 Unauthorized factory reset of Infinix devices — com.transsion.agingfunction--2024-12-04
CVE-2023-44126 Call management - Implicit intents disclose telephony data such as phone numbers, call states, contacts — LG V60 Thin Q 5G(LMV600VM) 3.6 Low2023-09-27

Vulnerabilities classified as CWE-925 represent 3 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.