Unsecured Broadcast Receiver in Bluebird Devices Exposes File Overwriting Vulnerability
CVE-2025-5346

5.1MEDIUM

Key Information:

Vendor: Bluebird
Status: Kr.co.bluebird.android.bbsettings
Vendor: CVE Published:; 17 July 2025

What is CVE-2025-5346?

The Bluebird barcode scanner application has a critical security flaw due to an unsecured broadcast receiver, which allows local attackers to exploit the system. Attackers can leverage this vulnerability to overwrite files containing the '.json' keyword using a default barcode configuration file. This issue stems from a lack of protection against path traversal, permitting attackers to specify arbitrary locations for file manipulation. All versions prior to 1.3.3 are affected, rendering them susceptible to potential misuse.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

kr.co.bluebird.android.bbsettings Android 0 < 1.3.3

References

https://cert.pl/en/posts/2025/07CVE-2025-5344

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jul 17, 2025
Vulnerability Reserved
May 30, 2025

Credit

Szymon Chadam

JSON

Bluebird

What is CVE-2025-5346?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.