CVE-2025-10717
📋 TL;DR
This vulnerability in the CamScanner Android app stems from improperly exported application components, which can potentially let local attackers reach sensitive app functionality without the proper permissions. It affects users of CamScanner version 6.91.1.5.250711 on Android devices. Exploitation requires local access to the device.
💻 Affected Systems
- intsig CamScanner
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains unauthorized access to sensitive app components, potentially accessing stored documents, camera functionality, or app data without user consent.
Likely Case
Malicious app installed on same device could interact with CamScanner components it shouldn't have access to, potentially reading document data or manipulating app behavior.
If Mitigated
With proper Android security controls and app isolation, impact is limited to potential information disclosure within the app's sandbox.
🎯 Exploit Status
Exploit details publicly disclosed on GitHub. Requires local access and understanding of Android component manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: UNKNOWN
Vendor Advisory: NONE
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure. Consider alternative scanning apps or monitor for vendor updates.
🔧 Temporary Workarounds
Uninstall vulnerable version
Android: Remove the vulnerable CamScanner version from affected devices
adb uninstall com.intsig.camscanner
Restrict app permissions
Android: Limit app permissions in Android settings to minimum required functionality
🧯 If You Can't Patch
- Isolate device from sensitive networks and data
- Implement device-level security controls and monitor for suspicious app behavior
🔍 How to Verify
Check if Vulnerable:
Check app version in Android Settings > Apps > CamScanner > App info. Version 6.91.1.5.250711 is vulnerable.
Check Version:
adb shell dumpsys package com.intsig.camscanner | grep versionName
Verify Fix Applied:
Update to newer version if available from official app store, or verify app is uninstalled.
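Added example, not part of the CVE record or any vendor tooling: a shell helper that applies the version check above to every device attached over adb. The function names, the status labels and the sample dumpsys text are assumptions made for this sketch.

```shell
#!/bin/sh
# Inventory helper for CVE-2025-10717 (added example, not vendor code).
PKG="com.intsig.camscanner"
VULN_VERSION="6.91.1.5.250711"   # the only version this page names as vulnerable

# Constructed sample of `dumpsys package` output, for offline runs.
SAMPLE_DUMPSYS='Packages:
  Package [com.intsig.camscanner] (1a2b3c):
    versionCode=69115 minSdk=21 targetSdk=33
    versionName=6.91.1.5.250711'

# Reads `dumpsys package` output on stdin and prints one of:
#   not-installed | vulnerable <ver> | unconfirmed <ver>
# No fixed version is known, so any other version is reported as
# "unconfirmed" rather than treated as safe.
classify_dumpsys() {
    # adb shell can emit CRLF line endings; strip CR before comparing.
    ver=$(tr -d '\r' | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "not-installed"
    elif [ "$ver" = "$VULN_VERSION" ]; then
        echo "vulnerable $ver"
    else
        echo "unconfirmed $ver"
    fi
}

# Prints "<serial><TAB><status>" for each authorised device.
check_all_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the rest of the serial list.
        status=$(adb -s "$serial" shell dumpsys package "$PKG" </dev/null |
                 classify_dumpsys)
        printf '%s\t%s\n' "$serial" "$status"
    done
}
```

Source the file and run `check_all_devices` on a workstation with adb; `printf '%s\n' "$SAMPLE_DUMPSYS" | classify_dumpsys` exercises the parser without a device.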
📡 Detection & Monitoring
Log Indicators:
- Unusual activity in CamScanner logs, unexpected component access attempts
Network Indicators:
- N/A - Local vulnerability only
SIEM Query:
N/A - Local app vulnerability without network indicators
🔗 References
- https://github.com/KMov-g/androidapps/blob/main/com.intsig.camscanner.md
- https://github.com/KMov-g/androidapps/blob/main/com.intsig.camscanner.md#steps-to-reproduce
- https://vuldb.com/?ctiid.325008
- https://vuldb.com/?id.325008
- https://vuldb.com/?submit.645010