CVE-2025-64696: Use of cache containing sensitive information in Brother Industries, Ltd. Android App "Brother iPrint&Scan"
Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.
AI Analysis
Technical Summary
CVE-2025-64696 identifies a security vulnerability in the Android application "Brother iPrint&Scan" developed by Brother Industries, Ltd. The affected versions, 6.13.7 and earlier, improperly utilize an external cache directory to store application-specific files. Android external cache directories are accessible by other applications with appropriate permissions, unlike internal app storage which is sandboxed. This misconfiguration can lead to unauthorized access where malicious applications installed on the same device can read sensitive cached data belonging to the Brother app. The vulnerability does not require elevated privileges but does require local access to the device and some user interaction, such as installing a malicious app. The impact is limited to confidentiality as the attacker can only read cached data; there is no impact on data integrity or application availability. The CVSS v3.0 score of 3.3 reflects a low severity due to the attack vector being local, low complexity, no privileges required, but requiring user interaction, and limited confidentiality impact. No known exploits are currently reported in the wild. This vulnerability highlights the risks of improper use of external storage on Android, which can expose sensitive information to other apps due to Android's shared storage model. The issue can be remediated by moving sensitive cache data to internal storage or using Android's scoped storage mechanisms introduced in recent OS versions.
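The summary above contrasts Android's shared external cache with the per-app internal sandbox. The following Kotlin is an added illustration written for this page, not code from Brother iPrint&Scan (whose source is not on this page): it places the weak pattern the advisory describes beside the sandboxed alternative and adds a small audit helper. Only standard `android.content.Context` and `java.io.File` APIs are used; the object and function names (`CacheLocations`, `storeJobArtifact`, `isOnSharedStorage`) and the file names are hypothetical.

```kotlin
import android.content.Context
import java.io.File

// Added illustration for the external-cache weakness class; not Brother's code.
object CacheLocations {

    // WEAK: externalCacheDir resolves to shared storage, e.g.
    // /storage/emulated/0/Android/data/<package>/cache. On devices that do not enforce
    // scoped storage (pre-Android 11), any app holding READ_EXTERNAL_STORAGE can read
    // files placed here. The directory also disappears if the shared volume is unmounted.
    fun weakCacheFile(ctx: Context, name: String): File? =
        ctx.externalCacheDir?.let { File(it, name) }

    // HARDENED: cacheDir is inside the app's private data directory
    // (/data/user/0/<package>/cache), readable only by the app's own Linux UID.
    // Files created here are private by default; no extra mode flags are needed.
    fun privateCacheFile(ctx: Context, name: String): File =
        File(ctx.cacheDir, name)

    // Audit helper: true when the file lives under any external (shared-storage) root the
    // app can resolve. Suitable as a unit-test or debug-build assertion before writing
    // anything derived from a print or scan job.
    fun isOnSharedStorage(ctx: Context, file: File): Boolean {
        val externalRoots = ctx.externalCacheDirs.filterNotNull() +
            ctx.getExternalFilesDirs(null).filterNotNull()
        val path = file.canonicalPath
        return externalRoots.any { root -> path.startsWith(root.canonicalPath) }
    }

    // Writes job data to the private cache and refuses a shared-storage location outright.
    // `payload` is the caller's sensitive bytes (for example a rendered page image).
    fun storeJobArtifact(ctx: Context, name: String, payload: ByteArray): File {
        val target = privateCacheFile(ctx, name)
        check(!isOnSharedStorage(ctx, target)) {
            "refusing to cache sensitive data on shared storage: ${target.path}"
        }
        target.writeBytes(payload)
        return target
    }
}
```

Two points worth keeping in mind when applying this pattern: on Android 11 and later, other apps can no longer read a package's `Android/data` tree even with a storage permission, which is why the advisory's recommendation to prefer scoped-storage OS versions reduces exposure; but the app-side fix (internal `cacheDir`) protects the data on every supported OS version and does not depend on what the device enforces. The `isOnSharedStorage` check is cheap enough to keep as a guard in release builds as well.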
Potential Impact
For European organizations, the primary impact is a potential confidentiality breach of sensitive information cached by the Brother iPrint&Scan app on employee Android devices. If a malicious app is installed on the same device, it could access cached files, potentially exposing print job details or user data related to printing and scanning operations. While the vulnerability does not affect data integrity or availability, the leakage of sensitive information could lead to privacy violations or indirect operational risks. Organizations with Bring Your Own Device (BYOD) policies or less controlled mobile environments are at higher risk. The impact is mitigated by the requirement for local device access and user interaction to install a malicious app. However, in environments where mobile device security hygiene is weak, this vulnerability could be exploited to gather intelligence or sensitive data. The low CVSS score indicates limited risk, but organizations handling sensitive documents should prioritize mitigation to prevent any data leakage.
Mitigation Recommendations
1. Update the Brother iPrint&Scan app to the latest version once Brother Industries releases a patch addressing this vulnerability.
2. Until a patch is available, restrict installation of untrusted or unknown applications on employee devices to reduce the risk of malicious apps exploiting this vulnerability.
3. Enforce mobile device management (MDM) policies that limit app permissions, especially access to external storage and cache directories.
4. Educate users about the risks of installing apps from unverified sources and the importance of device security hygiene.
5. Consider disabling or restricting use of the Brother iPrint&Scan app on devices where confidentiality of sensitive information is critical, or use alternative secure printing solutions.
6. Monitor devices for suspicious app installations or unusual access patterns to cached files.
7. Encourage use of Android OS versions with scoped storage enabled, which limits app access to external storage and reduces such risks.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: jpcert
- Date Reserved: 2025-12-03T02:45:34.008Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 6937def0ca0f3871ecb2c5c8
Added to database: 12/9/2025, 8:33:52 AM
Last enriched: 12/9/2025, 8:48:52 AM
Last updated: 12/11/2025, 12:28:36 AM