CVE-2025-64696
📋 TL;DR
Brother iPrint&Scan for Android, versions 6.13.7 and earlier, improperly stores application files in an external cache directory that other apps can access. A malicious application on the same device could read sensitive files from that directory. Only Android users running a vulnerable app version are affected.
💻 Affected Systems
- Brother iPrint&Scan
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
A malicious app could access sensitive files such as print job data, scanned documents, or configuration files containing credentials or device information.
Likely Case
Limited data exposure of non-critical app files, potentially including temporary print/scanned data or app preferences.
If Mitigated
No data exposure if the app uses proper internal storage or implements a content provider with appropriate permissions.
🎯 Exploit Status
Exploitation requires developing and installing a malicious Android app with appropriate permissions to access external storage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.13.8 or later
Vendor Advisory: https://support.brother.com/g/s/security/
Restart Required: No
Instructions:
1. Open Google Play Store
2. Search for 'Brother iPrint&Scan'
3. Update to version 6.13.8 or later
4. No restart required
🔧 Temporary Workarounds
Uninstall vulnerable app
Android: Remove the Brother iPrint&Scan app until it can be updated to a secure version
adb uninstall com.brother.mfc.brprint
Restrict app installation
Android: Prevent installation of unknown apps from untrusted sources
Settings > Security > Unknown sources (disable)
🧯 If You Can't Patch
- Monitor for suspicious apps on devices with Brother iPrint&Scan installed
- Implement mobile device management (MDM) to control app installations
🔍 How to Verify
Check if Vulnerable:
Check app version in Android Settings > Apps > Brother iPrint&Scan > App info
Check Version:
adb shell dumpsys package com.brother.mfc.brprint | grep versionName
Verify Fix Applied:
Confirm app version is 6.13.8 or higher in app settings
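An added example (not part of the original page or any Brother tooling): a POSIX shell check that reads the versionName line from the dumpsys output above and compares it field by field against the fixed version 6.13.8. The function names and the sample dumpsys text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Brother iPrint&Scan install against the fixed version.
FIXED="6.13.8"                  # fixed version stated on this page
PKG="com.brother.mfc.brprint"   # package name used in the page's adb commands

# Constructed sample of `dumpsys package` output (not captured from a device).
SAMPLE_OLD='Packages:
  Package [com.brother.mfc.brprint] (1a2b3c):
    versionCode=613 minSdk=26 targetSdk=34
    versionName=6.13.7'

# Print the first versionName value found in dumpsys text on stdin (CR-safe).
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 is numerically lower than $2.
# Numeric per-field comparison avoids the string-sort error of 6.9.x > 6.13.x.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}      # drop suffixes such as "-beta"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print VULNERABLE <v>, PATCHED <v> or NOT_INSTALLED for dumpsys text on stdin.
classify() {
    v=$(extract_version)
    if [ -z "$v" ]; then echo "NOT_INSTALLED"
    elif version_lt "$v" "$FIXED"; then echo "VULNERABLE $v"
    else echo "PATCHED $v"
    fi
}

# Live use: sh check.sh --device [serial]  (needs adb and an authorised device)
if [ "${1:-}" = "--device" ]; then
    adb ${2:+-s "$2"} shell dumpsys package "$PKG" | classify
fi
```
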
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from other apps to Brother app directories
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Not applicable for local app-to-app vulnerabilities