CVE-2025-10721 – This vulnerability in the Webull Investing & Tr... (How to Fix)

Q: What is the severity of CVE-2025-10721?

CVE-2025-10721 has a CVSS score of 5.3 (MEDIUM). This vulnerability in the Webull Investing & Trading App for Android allows improper export of application components via AndroidManifest.xml, enabling local attackers to potentially access sensitive app data or functionality. It affects Android users running version 11.2.5.63 of the Webull app. The exploit requires local access to the device.

📋 TL;DR

This vulnerability in the Webull Investing & Trading App for Android allows improper export of application components via AndroidManifest.xml, enabling local attackers to potentially access sensitive app data or functionality. It affects Android users running version 11.2.5.63 of the Webull app. The exploit requires local access to the device.

💻 Affected Systems

Products:

Webull Investing & Trading App

Versions: 11.2.5.63

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Android version 11.2.5.63; other versions may also be vulnerable but not confirmed. Requires the vulnerable app to be installed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains unauthorized access to sensitive trading data, financial information, or account credentials stored within the app, potentially leading to financial fraud or identity theft.

🟠

Likely Case

Malicious app installed on the same device could access Webull app components to extract limited sensitive data or perform unauthorized actions within the app context.

🟢

If Mitigated

With proper Android security controls and app sandboxing, impact is limited to data accessible within the app's own storage, preventing system-wide compromise.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or remote device access; not directly exploitable over the internet.

🏢 Internal Only: MEDIUM - Requires local device access, but could be exploited by malware or malicious apps on corporate or personal devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit details are publicly disclosed on GitHub and vuldb.com. Requires local access to device and potentially another malicious app to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

1. Check Google Play Store for Webull app updates. 2. Install any available updates. 3. If no update is available, consider temporarily uninstalling the app until a fix is released.

🔧 Temporary Workarounds

Uninstall vulnerable version

android

Remove the vulnerable app version from affected devices

adb uninstall org.dayup.stocks

Restrict app installation sources

android

Prevent installation of unknown apps that could exploit this vulnerability

Settings > Security > Unknown Sources (disable)

🧯 If You Can't Patch

Isolate affected devices from sensitive networks and data
Implement mobile device management (MDM) to monitor for suspicious app behavior

🔍 How to Verify

Check if Vulnerable:

Check app version in Android Settings > Apps > Webull > App info. If version is 11.2.5.63, device is vulnerable.

Check Version:

adb shell dumpsys package org.dayup.stocks | grep versionName

Verify Fix Applied:

Update app via Google Play Store and verify version is higher than 11.2.5.63.

📡 Detection & Monitoring

Log Indicators:

Unusual app component access attempts in Android logs
Multiple failed component export attempts

Network Indicators:

N/A - Local vulnerability only

SIEM Query:

N/A - Local device logging required rather than network SIEM

📊 Metadata

CVE ID: CVE-2025-10721

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-926

EPSS Score: 0.02% exploit probability (5.5th percentile)

Published: September 19, 2025

Last Updated: September 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10721, you might also want to check these: