CVE-2025-60722
📋 TL;DR
A path traversal vulnerability in OneDrive for Android lets an authenticated attacker reach files outside the directory the app intends to expose, via crafted network requests. It affects Android users running unpatched versions of the OneDrive app and can expose data in the app's private storage or in other locations the app has been granted access to.
💻 Affected Systems
- Microsoft OneDrive for Android
📦 What is this software?
OneDrive is Microsoft's cloud file storage and sync service; the Android app syncs files between the device and the user's OneDrive account and exposes them to other apps through Android's storage and sharing APIs.
⚠️ Risk & Real-World Impact
Worst Case
Attacker reads (and, depending on the flaw, writes) files outside the intended directory that the OneDrive process can reach: its private data directory (cached files, configuration, stored credentials) and any shared storage the user has granted it, potentially leading to data theft or further compromise of the account or device.
Likely Case
Limited exposure of data inside the OneDrive app's sandbox (cached files, configuration data) rather than arbitrary device files, because Android's per-app sandbox still bounds what the OneDrive process can open.
If Mitigated
Minimal impact if the app is updated promptly, Android's app sandbox is intact (no rooted device), and OneDrive holds only the storage permissions it actually needs.
🎯 Exploit Status
Exploitation requires network reachability of the vulnerable endpoint and a valid authenticated session with the OneDrive app, plus a crafted path traversal payload (for example '../' sequences, possibly URL-encoded). No public exploit is cited on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not stated on this page; install the latest OneDrive release from the Google Play Store (package com.microsoft.skydrive) and confirm the fixed version against the Microsoft advisory.
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60722
Restart Required: No device reboot; the Play Store update replaces the running app process.
Instructions:
1. Open Google Play Store on Android device.
2. Search for 'OneDrive'.
3. If an update is available, tap 'Update'.
4. Ensure app is restarted after update.
🔧 Temporary Workarounds
Restrict OneDrive's network access
Android has no user-toggleable 'Network' permission in the app's Permissions screen. The stock controls are limited: Settings > Apps > OneDrive > Mobile data & Wi-Fi lets you disable background data (foreground traffic still flows), while a per-app firewall app or an MDM network policy can block the app entirely. Either way, sync stops while the restriction is in place, so treat this as a stopgap until the update is installed.
🧯 If You Can't Patch
- Block or restrict the app's network access with an MDM policy or a per-app firewall until the update can be installed (this also stops sync).
- Monitor traffic from the app at a proxy or gateway you control for path traversal patterns ('../', '%2e%2e%2f', '..%5c') and for file reads outside the expected directory.
🔍 How to Verify
Check if Vulnerable:
Find the installed version in Android Settings > Apps > OneDrive (the version is shown at the bottom of the App info page) and compare it with the fixed version listed in the Microsoft advisory.
Check Version:
No in-app command; read the version from App info, from the Google Play Store listing, or with the Android Debug Bridge (adb) from a workstation with USB debugging enabled.
Verify Fix Applied:
After updating from the Google Play Store, confirm the installed version matches or exceeds the fixed release named in the advisory.
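The version check above can be scripted for a fleet of test devices. The following is an added example, not code from Microsoft or from this advisory: it parses the output of `adb shell dumpsys package com.microsoft.skydrive` (the package id of OneDrive on Google Play) and compares the `versionName` numerically against a minimum fixed version. Because this page does not state the fixed version, `MIN_FIXED_VERSION` is a placeholder assumption; replace it with the value from the MSRC advisory. The `dumpsys` excerpt embedded below is constructed for the example.

```python
import re
import subprocess

# Google Play package id of OneDrive for Android.
ONEDRIVE_PACKAGE = "com.microsoft.skydrive"

# Assumption: placeholder for the first fixed build. Take the real value from the
# MSRC advisory for CVE-2025-60722 before relying on this check.
MIN_FIXED_VERSION = "7.8"

# Constructed excerpt of `adb shell dumpsys package com.microsoft.skydrive` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.microsoft.skydrive] (1a2b3c4):
    userId=10123
    versionCode=2160000 minSdk=26 targetSdk=34
    versionName=7.8.1
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP ]
"""

VERSION_RE = re.compile(r"^\s*versionName=(\S+)", re.MULTILINE)


def parse_version_name(dumpsys_output):
    """Extract the first versionName from dumpsys output; None if absent."""
    m = VERSION_RE.search(dumpsys_output)
    return m.group(1) if m else None


def version_tuple(version):
    """Turn '7.8.1' (or '7.8.1-beta') into (7, 8, 1) for numeric comparison,
    ignoring any non-numeric suffix. Plain string comparison would rank
    '7.10' below '7.9', which is exactly the mistake this avoids."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_patched(installed, min_fixed=MIN_FIXED_VERSION):
    """True when the installed build is at or above the first fixed build.
    Missing trailing components are treated as zero, so 7.8 == 7.8.0."""
    a, b = version_tuple(installed), version_tuple(min_fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def installed_version(serial=None):
    """Query a connected device over adb; needs USB debugging enabled."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + \
          ["shell", "dumpsys", "package", ONEDRIVE_PACKAGE]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_version_name(out)


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print(f"{ONEDRIVE_PACKAGE} is not installed")
    else:
        state = "patched" if is_patched(version) else "VULNERABLE"
        print(f"{ONEDRIVE_PACKAGE} {version}: {state} (first fixed: {MIN_FIXED_VERSION})")
```

Run it with a device attached (`python3 check_onedrive.py`) or pass a serial to `installed_version()` when several devices are connected. If `versionName` is missing from the output, the package is not installed for the queried user.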
📡 Detection & Monitoring
Log Indicators:
- Where OneDrive traffic passes through a proxy, MDM gateway or reverse proxy you control: request paths containing traversal sequences, whether plain ('../'), URL-encoded ('%2e%2e%2f'), backslash-based ('..%5c') or double-encoded ('%252e%252e%252f')
- Successful (HTTP 2xx) responses for paths that resolve outside the expected file root
Network Indicators:
- Requests to OneDrive-facing endpoints whose path, after URL decoding, contains '..' segments that climb above the file root
SIEM Query:
Not provided on this page; build one from your proxy or gateway logs by matching decoded request paths for '..' segments and escalating when the response status is 2xx.
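The indicators above are easy to miss with a naive `../` substring match, because the same traversal can be sent percent-encoded, double-encoded or with backslashes. The following added detector (example code, not from this advisory or from Microsoft) normalizes each request path before checking it and distinguishes a `..` that stays inside the file root (harmless `docs/../shared`) from one that escapes it. It assumes a gateway log format of `METHOD PATH STATUS` and a file-serving route under `BASE_PREFIX`; both the format and the prefix are assumptions, and the log lines are constructed for the example.

```python
import re
from urllib.parse import unquote

# Assumption: requests to the OneDrive-facing endpoint pass through a gateway
# that logs "METHOD PATH STATUS", and the file-serving route lives under
# BASE_PREFIX. Both are placeholders for this example, not advisory details.
BASE_PREFIX = "/api/v1/files/"

# Constructed sample log lines (not real OneDrive traffic).
SAMPLE_LOG = """\
GET /api/v1/files/docs/report.pdf 200
GET /api/v1/files/../../../data/data/com.microsoft.skydrive/databases/app.db 200
GET /api/v1/files/%2e%2e/%2e%2e/etc/hosts 404
GET /api/v1/files/..%5c..%5cconfig.json 200
GET /api/v1/files/%252e%252e%252fsecret.txt 200
GET /api/v1/files/a..b/notes.txt 200
GET /api/v1/files/docs/../shared/team.txt 200
"""

LOG_RE = re.compile(r"^(?P<method>\S+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$")


def normalize_path(path, max_rounds=3):
    """Drop any query string, decode percent-encoding repeatedly (so double
    encoding such as %252e is unwrapped), and fold backslashes to '/' so that
    '..\\' variants are treated like '../'."""
    p = path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    return p.replace("\\", "/")


def min_depth(relative_path):
    """Walk the segments and return the lowest directory depth reached relative
    to the starting directory. Negative means the path climbs above the file
    root, i.e. a real traversal rather than a harmless 'a/../b'."""
    depth = lowest = 0
    for seg in relative_path.split("/"):
        if seg == "..":
            depth -= 1
            lowest = min(lowest, depth)
        elif seg not in ("", "."):
            depth += 1
    return lowest


def classify(path):
    """Return (normalized_path, has_dotdot, escapes_root) for one request path."""
    norm = normalize_path(path)
    has_dotdot = ".." in norm.split("/")
    rel = norm[len(BASE_PREFIX):] if norm.startswith(BASE_PREFIX) else norm.lstrip("/")
    return norm, has_dotdot, min_depth(rel) < 0


def scan_log(text):
    """Return (line_no, raw_path, normalized_path, escapes_root) for every
    request whose decoded path contains a '..' segment."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        norm, has_dotdot, escapes = classify(m.group("path"))
        if has_dotdot:
            hits.append((n, m.group("path"), norm, escapes))
    return hits


if __name__ == "__main__":
    for n, raw, norm, escapes in scan_log(SAMPLE_LOG):
        flag = "ESCAPES ROOT" if escapes else "dotdot inside root"
        print(f"line {n}: {flag}: {raw} -> {norm}")
```

Feed real gateway logs through `scan_log` after adapting `LOG_RE` to your format; alert on hits where `escapes_root` is true and the status is 2xx, and treat in-root `..` hits as low-priority noise unless they cluster from one session.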