CVE-2025-65815

6.5 MEDIUM

📋 TL;DR

CVE-2025-65815 is a directory traversal vulnerability in AB TECHNOLOGY Document Reader that allows attackers to access files outside the intended directory when importing documents. This affects users of the Android app version 65.0 who process untrusted files.

💻 Affected Systems

Products:
  • AB TECHNOLOGY Document Reader: PDF, DOC, PPT
Versions: v65.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 65.0 of the Android app; requires the user to open a malicious document file.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could read sensitive system files, extract credentials, or potentially write files to sensitive locations leading to system compromise.

🟠 Likely Case: Unauthorized file access leading to information disclosure of user documents or app data.

🟢 If Mitigated: Limited impact with proper file validation and sandboxing in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files but could be delivered via email or downloads.
🏢 Internal Only: LOW - Primarily affects individual Android devices rather than internal network systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious file; directory traversal payloads are well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check the Google Play Store for app updates.
2. If an update is available, install it immediately.
3. If no update is available, consider alternative document readers.

🔧 Temporary Workarounds

Disable automatic file opening (Android): Prevent the app from automatically opening downloaded or received files.

Use alternative document reader (Android): Temporarily use a different document reader app until a patch is available.

🧯 If You Can't Patch

  • Restrict app permissions to minimal required access
  • Educate users not to open untrusted document files with this app

🔍 How to Verify

Check if Vulnerable:

Check app version in Android Settings > Apps > AB TECHNOLOGY Document Reader

Check Version:

Not applicable - check via Android app settings

Verify Fix Applied:

Verify app version is higher than 65.0 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in app logs
  • Failed path validation attempts

Network Indicators:

  • Not applicable - local file system vulnerability

SIEM Query:

Not applicable for mobile app vulnerability
