CVE-2025-10716
📋 TL;DR
This vulnerability in Creality Cloud App up to version 6.1.0 on Android allows improper export of application components via manipulation of AndroidManifest.xml. Attackers can exploit this locally to potentially access sensitive app functionality or data. Only Android users of Creality Cloud App versions up to 6.1.0 are affected.
💻 Affected Systems
- Creality Cloud App
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains unauthorized access to sensitive app components, potentially leading to data theft or privilege escalation within the app context.
Likely Case
Local attacker exploits exported components to access app functionality they shouldn't have access to, potentially compromising user data stored within the app.
If Mitigated
With proper Android security controls and app sandboxing, impact is limited to the app's own data and permissions.
🎯 Exploit Status
Exploit details are published on GitHub. Requires local access to device and knowledge of Android app exploitation techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: UNKNOWN
Vendor Advisory: NONE
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure. Consider removing the app until fixed.
🔧 Temporary Workarounds
Uninstall vulnerable app
AndroidRemove Creality Cloud App from affected Android devices
Settings > Apps > Creality Cloud > Uninstall
Disable vulnerable component
Android (requires ADB or root)Use Android's package manager to disable the com.cxsw.sdprinter component if possible
pm disable com.cxsw.sdprinter
🧯 If You Can't Patch
- Restrict physical access to devices running vulnerable app
- Implement mobile device management (MDM) to monitor for suspicious app behavior
🔍 How to Verify
Check if Vulnerable:
Check app version in Android Settings > Apps > Creality Cloud. If version is 6.1.0 or lower, you are vulnerable.Check Version:
adb shell dumpsys package com.creality.cloud | grep versionNameVerify Fix Applied:
Check if app version is higher than 6.1.0, or verify the com.cxsw.sdprinter component is properly secured in AndroidManifest.xml📡 Detection & Monitoring
Log Indicators:
- Android logs showing unauthorized access to com.cxsw.sdprinter component
- App crash logs related to exported components
Network Indicators:
- N/A - local exploitation only
SIEM Query:
N/A - local device-level issue