Login Sign Up

CVE-2024-40673

6.5 MEDIUM
Remote Code Execution

📋 TL;DR

This vulnerability in Android's ZipFile.java allows attackers to execute arbitrary code by manipulating dynamic code loading through improper input validation. It enables remote code execution without requiring user interaction or additional privileges. Android devices using vulnerable versions of the platform libcore library are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to October 2024 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices using the vulnerable libcore library. Applications processing malicious zip files may be vulnerable.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control over the device, data theft, and persistent backdoor installation.

🟠

Likely Case

Remote code execution leading to data exfiltration, device enrollment in botnets, or installation of additional malware payloads.

🟢

If Mitigated

Attack blocked at network perimeter or application sandbox prevents code execution, limiting impact to denial of service.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires delivering a malicious zip file to the target device, which could occur through various attack vectors including malicious apps, downloads, or network traffic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2024 Android Security Patch

Vendor Advisory: https://source.android.com/security/bulletin/2024-10-01

Restart Required: Yes

Instructions:

1. Apply October 2024 Android Security Patch. 2. Update affected Android devices through system updates. 3. Verify patch installation in device settings.

🔧 Temporary Workarounds

Disable zip file processing

android

Prevent applications from processing zip files from untrusted sources

Network filtering

all

Block zip file downloads at network perimeter

🧯 If You Can't Patch

  • Isolate vulnerable devices from untrusted networks
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If before October 2024, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows October 2024 or later in device settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual zip file processing in application logs
  • Suspicious file operations following zip extraction

Network Indicators:

  • Unexpected zip file downloads to Android devices
  • Outbound connections following zip file processing

SIEM Query:

source="android_logs" AND ("zip" OR "ZipFile") AND ("loadClass" OR "DexClassLoader")

📊 Metadata

CVE ID: CVE-2024-40673
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE: CWE-94
EPSS Score: 1.06% exploit probability (77.2th percentile)
Published: January 28, 2025
Last Updated: April 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-40673, you might also want to check these:

CVE-2025-62521 10.0

CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha...

Same vulnerability type (CWE-94)
CVE-2026-26216 10.0

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the...

Same vulnerability type (CWE-94)
CVE-2021-22205 10.0

CVE-2021-22205 is a critical remote code execution vulnerability in GitLab CE/EE where improper vali...

Same vulnerability type (CWE-94)