CVE-2025-10722

5.3 MEDIUM

📋 TL;DR

This vulnerability in SKTLab Mukbee App 1.01.196 on Android allows improper export of application components via AndroidManifest.xml manipulation. Attackers with local access can exploit this to access sensitive app components, potentially leading to data theft or privilege escalation. Only users of this specific Android app version are affected.

💻 Affected Systems

Products:
  • SKTLab Mukbee App
Versions: 1.01.196
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific version; requires Android device with app installed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains unauthorized access to sensitive app components, potentially stealing user data, intercepting communications, or executing arbitrary code within app context.

🟠 Likely Case

Local attacker accesses exposed app components to extract sensitive information or perform unauthorized actions within the app's permissions.

🟢 If Mitigated

With proper Android security controls and app sandboxing, impact is limited to data accessible with the app's own permissions.

🌐 Internet-Facing: LOW - Attack requires local access to the device; not remotely exploitable over the internet.
🏢 Internal Only: MEDIUM - Local attackers (malicious apps or users with physical access) can exploit, but requires specific conditions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details public on GitHub; requires local access to device; vendor unresponsive.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

No official patch is available; the vendor is unresponsive. Consider uninstalling the app until an update is released.

🔧 Temporary Workarounds

Uninstall vulnerable app (Android)

Remove SKTLab Mukbee App 1.01.196 from Android devices:

Settings > Apps > Mukbee > Uninstall

Restrict app permissions (Android)

Limit app permissions to the minimum required functionality:

Settings > Apps > Mukbee > Permissions > Disable unnecessary permissions

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks/data
  • Monitor for suspicious app behavior or data access attempts

🔍 How to Verify

Check if Vulnerable:

Check the app version in Android Settings > Apps > Mukbee > App info; if the version is 1.01.196, the app is vulnerable.

Check Version:

adb shell dumpsys package com.dw.android.mukbee | grep versionName

Verify Fix Applied:

Verify that the app is uninstalled or updated to a newer version (if available).

📡 Detection & Monitoring

Log Indicators:

  • Android logs showing unauthorized access to com.dw.android.mukbee components
  • App crash reports or security exceptions

Network Indicators:

  • Unusual network traffic from Mukbee app to unexpected destinations

SIEM Query:

source="android" AND (app="com.dw.android.mukbee" AND (event="security_exception" OR event="permission_violation"))
