Back to search
CVE-2025-5345
Published: Jul 17, 2025
Modified: Jul 17, 2025
PUBLISHED
Description
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-level permissions. Version 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6
| Vendor | Product | Versions |
|---|---|---|
Bluebird | com.bluebird.filemanagers | affected 1.4.4unaffected 0 - <= 1.3.6 |
Weaknesses (CWE)
References
https://cert.pl/en/posts/2025/07/CVE-2025-5344
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now