
CVE-2025-10717: Improper Export of Android Application Components in intsig CamScanner App

Medium
Published: Fri Sep 19 2025 (09/19/2025, 14:32:08 UTC)
Source: CVE Database V5
Vendor/Project: intsig
Product: CamScanner App

Description

A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.camscanner. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AILast updated: 09/19/2025, 14:45:46 UTC

Technical Analysis

CVE-2025-10717 is a medium-severity vulnerability affecting the intsig CamScanner App version 6.91.1.5.250711 on Android devices. The root cause is the improper export of Android application components declared in the app's AndroidManifest.xml, specifically within the component com.intsig.camscanner. An improperly exported component (an activity, service, broadcast receiver or content provider) is reachable by other apps or processes on the same device without adequate access control, such as a guarding permission. A local attacker, meaning someone with physical or logical access to the device or an app already installed on it, can therefore interact with these components in unintended ways. Exploitation requires no user interaction and no privileges beyond local access, and no authentication is needed. The CVSS 4.0 vector indicates low attack complexity and low privileges required, with partial impact on confidentiality, integrity and availability. Although the exploit has been publicly disclosed, there are no known reports of it being used in the wild yet. The vendor was notified but did not respond or provide a patch, leaving users exposed. The vulnerability could be leveraged to trigger unauthorized actions within the app's context, potentially leading to data leakage, unauthorized data modification or disruption of app functionality. Since CamScanner is widely used for document scanning and management, exploitation could compromise sensitive scanned documents or metadata stored or processed by the app. The lack of vendor response and patch availability increases the risk for users who cannot easily remediate the issue.
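The class of defect described above can be checked for directly in a decoded AndroidManifest.xml. The following audit script is an added example, not code from the advisory or from intsig; it runs over a constructed sample manifest (package com.example.scanner and all component names are invented) and lists every component that is exported, explicitly or implicitly through an intent-filter, without an android:permission guarding it.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (not CamScanner's): one activity exported with no
# permission, one service exported behind a signature permission, one receiver
# implicitly exported via its intent-filter, and one provider not exported.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.scanner">
  <permission android:name="com.example.scanner.INTERNAL"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name=".DocumentViewerActivity" android:exported="true"/>
    <service android:name=".UploadService" android:exported="true"
             android:permission="com.example.scanner.INTERNAL"/>
    <receiver android:name=".SyncReceiver">
      <intent-filter><action android:name="com.example.scanner.SYNC"/></intent-filter>
    </receiver>
    <provider android:name=".ScanProvider" android:exported="false"
              android:authorities="com.example.scanner.docs"/>
  </application>
</manifest>
"""

def attr(elem, name):
    """Read an attribute from the android: namespace (None if absent)."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def is_exported(elem):
    """Explicit android:exported wins; otherwise a component with an
    <intent-filter> is exported by default (targetSdk < 31)."""
    explicit = attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return elem.find("intent-filter") is not None

def find_unprotected_exports(manifest_xml):
    """Return (tag, name, reason) for every exported component that any app on
    the device can reach because no android:permission guards it."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag in COMPONENT_TAGS:
        for elem in root.iter(tag):
            if not is_exported(elem) or attr(elem, "permission"):
                continue  # private, or exported but gated by a permission
            reason = ("explicit exported=true" if attr(elem, "exported")
                      else "implicitly exported via intent-filter")
            findings.append((tag, attr(elem, "name"), reason))
    return findings
```

Against the sample it reports .DocumentViewerActivity and .SyncReceiver; a real manifest is obtained from an APK with a decoder such as apktool before running the script over it.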

Potential Impact

For European organizations, this vulnerability poses a risk primarily to employees or users who utilize the CamScanner app on Android devices for handling sensitive documents. If exploited, attackers with local access could manipulate app components to access or alter confidential scanned documents, potentially leading to data breaches involving personal data, intellectual property, or business-critical information. This could result in violations of GDPR requirements concerning data confidentiality and integrity, leading to regulatory penalties and reputational damage. The impact is heightened in sectors with strict data protection needs such as finance, healthcare, legal, and government agencies. Additionally, compromised devices could serve as entry points for further lateral attacks within corporate networks if mobile device management (MDM) controls are insufficient. The medium severity rating suggests that while the vulnerability is not trivially exploitable remotely, the consequences of local exploitation can be significant, especially in environments where devices are shared, lost, or physically accessed by unauthorized personnel.

Mitigation Recommendations

Given the absence of an official patch from the vendor, European organizations should implement the following specific mitigations:

1) Restrict installation and use of the vulnerable CamScanner app version on corporate-managed Android devices via MDM solutions, enforcing app whitelisting or blacklisting policies.
2) Educate users about the risks of local device access and enforce strong device-level security controls such as screen locks, biometric authentication, and encryption to prevent unauthorized physical access.
3) Monitor devices for unusual app behavior or inter-process communication that could indicate exploitation attempts.
4) Where possible, replace CamScanner with alternative scanning applications that have a stronger security posture and timely patching history.
5) Implement strict data handling policies to avoid storing highly sensitive documents solely on mobile devices without additional encryption or secure containerization.
6) Regularly audit installed app versions and promptly remove or update vulnerable versions once patches become available.
7) Employ endpoint detection and response (EDR) tools capable of detecting anomalous activity related to app component misuse.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-19T09:34:28.623Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68cd6bdc148332b17b6b893f

Added to database: 9/19/2025, 2:42:36 PM

Last enriched: 9/19/2025, 2:45:46 PM

Last updated: 9/19/2025, 3:30:00 PM
