CVE-2025-8745

5.3 MEDIUM

📋 TL;DR

This vulnerability in Weee RICEPO App 6.17.77 on Android is an improper export of Android application components, reached through manipulation of the components declared in AndroidManifest.xml. Attackers with local access can potentially access sensitive app components; it affects users of this specific Android app version.

💻 Affected Systems

Products:
  • Weee RICEPO App
Versions: 6.17.77
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android version 6.17.77 of the Weee RICEPO App; requires the app to be installed and running.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains unauthorized access to sensitive app components, potentially leading to data theft or privilege escalation within the app.

🟠

Likely Case

Limited information disclosure or unauthorized access to non-critical app components by users with physical device access.

🟢

If Mitigated

Minimal impact if app is not installed or proper device security controls prevent unauthorized local access.

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers with device access could exploit, but requires specific app version and configuration.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit details have been publicly disclosed; exploitation requires local access to the Android device and knowledge of Android component manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

No official patch available; the vendor did not respond to disclosure. Consider removing the app until an updated version is released.

🔧 Temporary Workarounds

Uninstall vulnerable app
Platform: android
Remove Weee RICEPO App 6.17.77 from Android devices

adb uninstall com.ricepo.app

Restrict app permissions
Platform: android
Limit app permissions in Android settings to the minimum required

🧯 If You Can't Patch

  • Implement device security controls to prevent unauthorized local access
  • Monitor for suspicious app activity or unauthorized component access attempts

🔍 How to Verify

Check if Vulnerable:

Check app version in Android settings > Apps > Weee RICEPO App > App info

Check Version:

adb shell dumpsys package com.ricepo.app | grep versionName

Verify Fix Applied:

Verify the app is uninstalled or updated to a version later than 6.17.77
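The version check above can be scripted. The following is an added example (not part of this advisory or the vendor's tooling) that parses the versionName line from `adb shell dumpsys package com.ricepo.app` output and reports whether the installed build is the affected 6.17.77 release; the sample dumpsys text is constructed, not captured from a device.

```shell
#!/bin/sh
# Added example: decide whether the installed Weee RICEPO build is the
# affected release by parsing dumpsys output. Only 6.17.77 is listed as
# affected on this advisory, so the comparison is exact-match.

AFFECTED_VERSION="6.17.77"
PACKAGE="com.ricepo.app"

# Print the value of the first versionName= line read from stdin.
# Prints nothing when no such line exists (package not installed).
extract_version_name() {
    sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*/\1/p' | head -n 1
}

# $1 = full dumpsys text. Exit status:
#   0 = installed and vulnerable (version equals AFFECTED_VERSION)
#   1 = installed but a different version
#   2 = package not present in the output
check_dumpsys_output() {
    version=$(printf '%s\n' "$1" | extract_version_name)
    if [ -z "$version" ]; then
        return 2
    fi
    [ "$version" = "$AFFECTED_VERSION" ]
}

# Live check against a connected device (requires adb on PATH and USB
# debugging enabled). Not invoked by the self-contained samples below.
check_device() {
    out=$(adb shell dumpsys package "$PACKAGE" 2>/dev/null)
    check_dumpsys_output "$out"
}

# Constructed sample output resembling the relevant dumpsys lines.
SAMPLE_VULNERABLE='Packages:
  Package [com.ricepo.app] (1a2b3c):
    versionCode=61777 minSdk=24 targetSdk=33
    versionName=6.17.77'

SAMPLE_OTHER='Packages:
  Package [com.ricepo.app] (4d5e6f):
    versionCode=61800 minSdk=24 targetSdk=33
    versionName=6.18.0'

SAMPLE_MISSING='Unable to find package: com.ricepo.app'
```

Run `check_device; echo $?` on a workstation with adb to get the live verdict (0 means the affected version is installed).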

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to com.ricepo.app components in Android logs

Network Indicators:

  • N/A - Local vulnerability only

SIEM Query:

N/A - Local device-level monitoring required
