CVE-2025-14699
📋 TL;DR
A path traversal vulnerability in Municorn FAX App 3.27.0 for Android allows local attackers to access files outside the intended directory. This affects Android users running the vulnerable version of the fax application. The vulnerability requires local access to the device.
💻 Affected Systems
- Municorn FAX App
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access could read sensitive system files, potentially exposing credentials, configuration data, or other protected information.
Likely Case
Local malicious apps or users could access application data or limited system files, potentially compromising user privacy or app functionality.
If Mitigated
With proper app sandboxing and file permission controls, impact would be limited to the app's own data directory.
🎯 Exploit Status
Exploit details are publicly disclosed. Attack requires local access to the device, which could be achieved through malicious apps or physical access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure. Consider removing the app until a fix is released.
🔧 Temporary Workarounds
Uninstall vulnerable app
androidRemove the Municorn FAX App from affected Android devices
adb uninstall biz.faxapp.app
Settings > Apps > Municorn FAX App > Uninstall
Restrict app permissions
androidRevoke storage permissions from the app to limit file access
Settings > Apps > Municorn FAX App > Permissions > Storage > Deny
🧯 If You Can't Patch
- Isolate affected devices from sensitive networks and data
- Monitor for unusual file access patterns or new app installations
🔍 How to Verify
Check if Vulnerable:
Check app version in Settings > Apps > Municorn FAX App. If version is 3.27.0, the device is vulnerable.Check Version:
adb shell dumpsys package biz.faxapp.app | grep versionNameVerify Fix Applied:
Verify app has been uninstalled or updated to a version later than 3.27.0📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from the fax app
- Attempts to access paths outside app sandbox
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
app:biz.faxapp.app AND (event:file_access OR event:permission_violation)