CWE-925— Improper Verification of Intent by Broadcast Receiver
The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.— MITRE CWE catalog
3 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-925page 1 of 1
- CVE-2023-44126MEDIUMCVSS 5.5EG 3.62023-09-27
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents inc…
- CVE-2024-10576CRITICALCVSS 9.4EG 9.42024-12-04
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Androi…
- CVE-2024-20853MEDIUMCVSS 5.1EG 5.12024-04-02
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.
Map vulnerabilities like CWE-925 to your infrastructure
EchelonGraph correlates every CVE — across CWE-925 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →