CVE-2025-8207

5.3 MEDIUM

📋 TL;DR

This vulnerability in the Canara ai1 Mobile Banking App stems from Android application components being improperly exported in the app's AndroidManifest.xml. An attacker with local access to the device (for example, another app installed on it) can reach those components and potentially access sensitive app functionality. Only users of the affected Android version of the app are impacted.

💻 Affected Systems

Products:
  • Canara ai1 Mobile Banking App
Versions: 3.6.23
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Android version of the banking app. Requires the vulnerable app version to be installed on the device.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains unauthorized access to banking app components, potentially accessing sensitive user data or performing unauthorized banking operations.

🟠 Likely Case

Malicious app on same device exploits exported components to access limited banking app functionality or data.

🟢 If Mitigated

With proper Android security controls and app isolation in place, the impact is limited to information disclosure within the app sandbox.

🌐 Internet-Facing: LOW - Requires local device access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Requires local access but could be exploited by malicious apps or users with physical device access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the device. A public disclosure is available on GitHub. Attack complexity is low once local access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. The vendor did not respond to disclosure. Users should uninstall the vulnerable version and monitor for updates.

🔧 Temporary Workarounds

Uninstall vulnerable app (android)

Remove the vulnerable banking app version from Android devices:

    adb uninstall com.canarabank.mobility

Disable app components (android)

Use Android settings to disable the vulnerable app or restrict its permissions.

🧯 If You Can't Patch

  • Restrict physical access to devices with vulnerable app installed
  • Implement mobile device management (MDM) to control app installations and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the app version in Android Settings > Apps > Canara ai1 Mobile Banking > App info. Version 3.6.23 is vulnerable.

Check Version:

    adb shell dumpsys package com.canarabank.mobility | grep versionName

Verify Fix Applied:

Verify that the app is uninstalled or updated to a version above 3.6.23. Check the Google Play Store for updates.
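To check a build for the improper-export weakness this advisory describes, as an added example that is not part of the advisory or the vendor's code: the script below parses a decoded AndroidManifest.xml (the sample manifest, its package name and its component names are constructed) and lists every component that is exported without an android:permission guard, applying Android's default-export rules for the given targetSdkVersion.

```python
"""Audit a decoded AndroidManifest.xml (e.g. as produced by apktool) for
components that are exported with no android:permission guard."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def _attr(elem, name):
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def is_exported(elem, target_sdk):
    """Manifest defaulting rules: an explicit android:exported wins; otherwise an
    activity/service/receiver with an <intent-filter> is exported by default
    below targetSdk 31, and a provider is exported by default below targetSdk 17."""
    explicit = _attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if elem.tag == "provider":
        return target_sdk < 17
    return elem.find("intent-filter") is not None and target_sdk < 31


def audit_manifest(xml_text, target_sdk=30):
    """Return (name, tag) for every component exported without a permission."""
    app = ET.fromstring(xml_text).find("application")
    return [(_attr(e, "name"), e.tag) for e in app
            if e.tag in COMPONENT_TAGS
            and is_exported(e, target_sdk) and _attr(e, "permission") is None]


# Constructed sample manifest for a hypothetical package, not the real app's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".TransferActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.bank.INTERNAL"/>
    <provider android:name=".AccountProvider" android:authorities="com.example.bank.accounts"/>
    <receiver android:name=".OtpReceiver">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for name, tag in audit_manifest(SAMPLE_MANIFEST):
        print(f"{tag} {name}: exported, no permission guard")
```

Run it against the manifest decoded from the APK you are assessing; a launcher activity legitimately appears in the list, so review each finding against what the component is meant to expose.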

📡 Detection & Monitoring

Log Indicators:

  • Unusual app component access attempts in Android logs
  • Security exceptions related to exported components

Network Indicators:

  • None - local vulnerability only

SIEM Query:

    source="android" AND (app="com.canarabank.mobility" AND (event="component_access" OR event="security_violation"))

🔗 References