CVE Catalog

CVE-2025-68713

HighCVSS 8.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

A vulnerability was discovered in Rakuten Send Anywhere for Android (version 23.2.9) that allows untrusted applications to force arbitrary file downloads into the app's storage. These files appear in the application's trusted Received interface, creating a vector for arbitrary code execution or denial-of-service through resource exhaustion.

Risk Assessment

The organization may be exposed to malicious code execution or denial-of-service attacks, potentially leading to data loss or application downtime.

Recommendation

It is recommended to update the application to the latest version and to monitor and restrict access to the application to minimize the risk of exploitation of this vulnerability.

Original NVD description (English source)

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS