All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2025-68713
HIGHpublished 2026-06-15 20:16 UTC · 10 days ago · modified 2026-06-16 15:51 UTC
8.0
CVSS / 10
// description
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
// weaknesses (CWE)
- CWE-926