Improper Export in bsc Peru Cocktails App Affects Android Device Security
CVE-2025-8275

4.8MEDIUM

Key Information:

Vendor: Bsc
Status: Peru Cocktails App
Vendor: CVE Published:; 28 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8275?

The bsc Peru Cocktails App version 1.0.0 for Android exhibits significant security flaws in its AndroidManifest.xml file. This vulnerability allows improper export of application components, which can potentially be exploited by malicious actors on the local host. The details of the exploit have been made public, raising concerns about unauthorized access to sensitive functionalities within the app. Users are advised to assess their security posture and apply necessary mitigations to prevent exploitation.

Affected Version(s)

Peru Cocktails App 1.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8275 - Proof of Concept

References

https://vuldb.com/?id.317864

vdb-entry

https://vuldb.com/?ctiid.317864

signaturepermissions-required

https://vuldb.com/?submit.623582

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 28, 2025
👾
Exploit known to exist
Jul 28, 2025
Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Jul 27, 2025

Credit

fxizenta (VulDB User)

Bsc