CVE-2025-8524
📋 TL;DR
This vulnerability in Boquan DotWallet App 2.15.2 on Android allows improper export of application components via AndroidManifest.xml manipulation. Attackers with local access could potentially access sensitive app components, though exploitation requires physical device access or malware installation. Only Android users of this specific wallet app version are affected.
💻 Affected Systems
- Boquan DotWallet App
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains unauthorized access to wallet components, potentially compromising sensitive financial data or enabling further privilege escalation within the app.
Likely Case
Limited impact requiring physical device access or malware installation, potentially allowing data leakage from the wallet app's exported components.
If Mitigated
Minimal impact with proper mobile security controls, app sandboxing, and user awareness preventing local malware installation.
🎯 Exploit Status
Exploit disclosed publicly but requires local access; vendor unresponsive to disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: UNKNOWN
Vendor Advisory: NONE
Restart Required: No
Instructions:
No official patch available. Consider alternative wallet apps until vendor releases update.
🔧 Temporary Workarounds
Uninstall vulnerable app
Android: Remove Boquan DotWallet App 2.15.2 from affected devices
adb uninstall com.boquanhash.dotwallet
Use alternative wallet
Android: Switch to a different cryptocurrency wallet application with active security updates
🧯 If You Can't Patch
- Restrict physical device access to trusted individuals only
- Install reputable mobile security software to detect and prevent local malware installation
- Enable Android's Verify Apps feature and only install from Google Play Store
- Monitor for unusual app behavior or permission requests
🔍 How to Verify
Check if Vulnerable:
Check app version in Android Settings > Apps > Boquan DotWallet > App info
Check Version:
adb shell dumpsys package com.boquanhash.dotwallet | grep versionName
Verify Fix Applied:
Verify app is uninstalled or updated to version above 2.15.2 (when available)
📡 Detection & Monitoring
Log Indicators:
- Unusual permission requests from com.boquanhash.dotwallet
- Unexpected component exports in Android system logs
Network Indicators:
- N/A - local exploitation only
SIEM Query:
N/A - primarily endpoint/mobile device management detection needed