CVE-2025-8523
📋 TL;DR
RiderLike Fruit Crush-Brain App 1.0 for Android improperly exports application components in its AndroidManifest.xml, potentially letting local attackers reach sensitive app functionality. Only users of this specific Android game app are affected, and exploitation requires local access to the device.
💻 Affected Systems
- RiderLike Fruit Crush-Brain App
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains unauthorized access to app components, potentially accessing sensitive game data or functionality, though limited to the app's sandbox.
Likely Case
Limited information disclosure or unauthorized interaction with app components from other local apps.
If Mitigated
Minimal impact if app is not installed or proper Android permissions restrict component access.
🎯 Exploit Status
Exploit details are publicly disclosed but require local access and knowledge of Android app development.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure. Remove the app as primary mitigation.
🔧 Temporary Workarounds
Uninstall vulnerable app
Remove the RiderLike Fruit Crush-Brain App from affected devices
adb uninstall com.fruitcrush.fun
Restrict app installation sources
Configure Android to only allow app installations from Google Play Store
Settings > Security > Unknown Sources (disable)
🧯 If You Can't Patch
- Isolate affected devices from sensitive networks
- Monitor for unusual app behavior or data access attempts
🔍 How to Verify
Check if Vulnerable:
Check if com.fruitcrush.fun package is installed: adb shell pm list packages | grep fruitcrush
Check Version:
adb shell dumpsys package com.fruitcrush.fun | grep versionName
Verify Fix Applied:
Verify app is no longer installed or check AndroidManifest.xml for proper component export settings
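One way to carry out the AndroidManifest.xml check is sketched below. It is an added example, not code from the vendor or this advisory. It assumes the manifest has already been decoded to text XML (for example with apktool), and the component names and permission strings in the sample are constructed and hypothetical.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCH = {"android.intent.action.MAIN", "android.intent.category.LAUNCHER"}

# Constructed sample manifest; component names are hypothetical, not the app's real ones.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.fruitcrush.fun">
 <application>
  <activity android:name=".MainActivity" android:exported="true">
   <intent-filter><action android:name="android.intent.action.MAIN"/><category android:name="android.intent.category.LAUNCHER"/></intent-filter>
  </activity>
  <activity android:name=".SettingsActivity" android:exported="true"/>
  <service android:name=".SyncService" android:exported="true" android:permission="com.example.SYNC"/>
  <receiver android:name=".BootReceiver">
   <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
  </receiver>
  <provider android:name=".DataProvider" android:authorities="com.example.data" android:exported="false"/>
 </application>
</manifest>"""

def is_launcher(comp):
    """True if the component carries the MAIN/LAUNCHER filter and must stay exported."""
    return any(LAUNCH <= {e.get(A + "name") for e in f} for f in comp.findall("intent-filter"))

def exported_components(manifest_xml):
    """List (tag, name, permission, launcher) for every exported component."""
    app = ET.fromstring(manifest_xml).find("application")
    found = []
    for comp in ([] if app is None else app):
        if comp.tag not in TAGS:
            continue
        flag = comp.get(A + "exported")
        if flag is None:
            # Implicit default: an intent-filter exports activities, services and
            # receivers; providers default to false (assumes targetSdk >= 17).
            exported = comp.tag != "provider" and comp.find("intent-filter") is not None
        else:
            exported = flag.lower() == "true"
        if exported:
            perm = comp.get(A + "permission") or app.get(A + "permission")
            found.append((comp.tag, comp.get(A + "name"), perm, is_launcher(comp)))
    return found

def unguarded(manifest_xml):
    """Names of exported components with no permission, excluding the launcher."""
    return [n for _, n, perm, launcher in exported_components(manifest_xml) if not perm and not launcher]

if __name__ == "__main__":
    print(unguarded(SAMPLE))
```

Only `android:permission` on the component or the application is examined; provider-specific read and write permissions are not evaluated.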
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to com.fruitcrush.fun components in Android logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
App package com.fruitcrush.fun AND (component access OR permission violation)