CVE-2025-10721: Improper Export of Android Application Components in Webull Investing & Trading App
A vulnerability was identified in Webull Investing & Trading App 11.2.5.63 on Android. It affects unknown code of the file AndroidManifest.xml. The manipulation causes improper export of Android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10721 is a medium-severity vulnerability identified in version 11.2.5.63 of the Webull Investing & Trading App on Android. The root cause lies in the improper export of Android application components as defined in the AndroidManifest.xml file. Specifically, certain components of the app are incorrectly marked as exported, allowing other local applications on the same device to interact with these components without proper authorization. This misconfiguration can lead to unauthorized access or manipulation of app functionality or data. The attack vector is local, meaning an attacker must have local access to the device, such as through installing a malicious app or having physical access. The vulnerability does not require user interaction and can be exploited with low attack complexity and low privileges, but it does not affect system confidentiality, integrity, or availability at a high level, as indicated by the CVSS 4.8 score. The vendor was notified but did not respond, and no patch has been published yet. Although the exploit has been publicly disclosed, there are no known exploits in the wild at this time. This vulnerability is significant because the Webull app handles sensitive financial and personal information, and improper component export could allow local attackers to escalate privileges or access sensitive data indirectly through the app's components.
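One way to audit a decoded AndroidManifest.xml for the misconfiguration class described above, as an added example that is not part of the original advisory. The advisory does not name the affected components, so the manifest below is constructed and its package and component names are hypothetical; the script assumes the decoded manifest carries a uses-sdk element.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed manifest: package and component names are hypothetical.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.trading">
  <uses-sdk android:targetSdkVersion="30"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".TransferActivity" android:exported="true"/>
    <service android:name=".SyncService">
      <intent-filter><action android:name="com.example.trading.SYNC"/></intent-filter>
    </service>
    <receiver android:name=".PushReceiver" android:exported="true" android:permission="com.example.trading.permission.PUSH"/>
    <provider android:name=".AccountProvider" android:authorities="com.example.trading.accounts"/>
  </application>
</manifest>
"""

def is_exported(elem, target_sdk):
    # Explicit android:exported wins; otherwise apply the platform default.
    explicit = elem.get(NS + "exported")
    if explicit is not None:
        return explicit == "true"
    if elem.tag == "provider":
        return target_sdk <= 16  # providers default to exported only on old targets
    return elem.find("intent-filter") is not None  # an intent-filter implies exported

def audit_manifest(xml_text):
    """Return (tag, name) of exported components that declare no permission."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(NS + "targetSdkVersion", "1")) if sdk is not None else 1
    app = root.find("application")
    findings = []
    for elem in app:
        if elem.tag not in COMPONENTS or not is_exported(elem, target):
            continue
        guarded = any(elem.get(NS + k) for k in ("permission", "readPermission", "writePermission"))
        launcher = any(c.get(NS + "name") == LAUNCHER for c in elem.iter("category"))
        if not (guarded or launcher or app.get(NS + "permission")):
            findings.append((elem.tag, elem.get(NS + "name")))
    return findings
```

The check only tests that a permission is declared; whether that permission's protectionLevel actually keeps other apps out still has to be reviewed by hand.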
Potential Impact
For European organizations, particularly those whose employees or clients use the Webull Android app, this vulnerability poses a moderate risk. If an attacker gains local access to a device, they could exploit the improperly exported components to interfere with the app's operations or access sensitive financial data. This could lead to unauthorized transactions, data leakage, or manipulation of trading activities. Financial institutions and investment firms using or recommending Webull could face reputational damage and regulatory scrutiny if client data or transactions are compromised. Additionally, the local nature of the attack means that organizations with Bring Your Own Device (BYOD) policies or less stringent mobile device management controls are more vulnerable. The lack of vendor response and patch availability increases the window of exposure, emphasizing the need for internal mitigations. However, since remote exploitation is not possible, the threat is somewhat contained to scenarios involving device compromise or insider threats.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Enforce strict mobile device management (MDM) policies that restrict installation of untrusted or unknown applications to reduce the risk of local malicious apps exploiting this vulnerability.
2) Educate users on the risks of installing apps from unofficial sources and the importance of device security hygiene.
3) Monitor devices for unusual app interactions or behaviors that could indicate exploitation attempts targeting Webull components.
4) Where possible, isolate or sandbox the Webull app environment to limit inter-app communication and reduce the impact of improperly exported components.
5) Encourage users to update the Webull app promptly once a patch is released.
6) Consider alternative trading platforms with better security track records if the risk is deemed unacceptable.
7) For organizations with sensitive financial operations, implement endpoint detection and response (EDR) solutions capable of detecting suspicious local privilege escalation or inter-process communication attempts.
These targeted steps go beyond generic advice by focusing on controlling local access and inter-app interactions specific to this vulnerability.
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-19T11:23:57.381Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68cd94ee4b8a032c4fabcb1e
Added to database: 9/19/2025, 5:37:50 PM
Last enriched: 9/19/2025, 5:53:02 PM
Last updated: 9/24/2025, 12:09:15 AM