CVE-2025-7891 is a medium-severity vulnerability affecting the InstantBits Web Video Cast App on Android versions up to 5.12.4. The root cause lies in the improper export of Android application components declared in the AndroidManifest.xml file, specifically within the component com.instantbits.cast.webvideo. Improper export means that components such as activities, services, or broadcast receivers are made accessible to other apps or processes without adequate access controls. This can allow a local attacker—someone with physical or local access to the device—to interact with these components in unintended ways. The vulnerability does not require user interaction or elevated privileges beyond local access, but it does require the attacker to have at least limited privileges (PR:L) on the device. The CVSS 4.0 vector indicates low attack complexity and no user interaction, but limited privileges are needed. The impact on confidentiality, integrity, and availability is limited but present, as the attacker could potentially manipulate app behavior or access sensitive data exposed via these components. The vendor was notified but did not respond, and no patches or mitigations have been published yet. No known exploits are currently in the wild, but the exploit details have been publicly disclosed, increasing the risk of exploitation. This vulnerability highlights the importance of correctly configuring component export settings in Android apps to prevent unauthorized access from other apps or processes on the device.

For European organizations, the impact of this vulnerability depends largely on the prevalence of the InstantBits Web Video Cast App within their user base or employee devices. Organizations that allow or rely on this app for media casting or streaming could face risks of local privilege escalation or unauthorized access to app components, potentially leading to data leakage or manipulation of app functions. Although the attack requires local access, this could be exploited in scenarios involving shared devices, insider threats, or compromised endpoints. The vulnerability could also be leveraged as part of a multi-stage attack chain to gain further foothold on Android devices used within corporate environments. Given the app’s functionality related to media streaming, there is also a risk of disruption or misuse of media content. However, the overall impact is somewhat limited by the requirement for local access and the medium severity rating. Still, organizations should be aware of this vulnerability as part of their mobile device security posture, especially in sectors where Android devices are widely used and where media casting apps are common.

1. Immediate mitigation involves restricting physical and local access to devices running the affected versions of the InstantBits Web Video Cast App. 2. Organizations should audit their mobile device management (MDM) policies to detect and control the installation of this app, especially versions 5.12.0 through 5.12.4. 3. Encourage users to update the app once a patched version is released; until then, consider uninstalling or disabling the app if it is not essential. 4. Implement application whitelisting and privilege restrictions on Android devices to limit the ability of untrusted apps or users to interact with exported components. 5. Monitor device logs and behavior for unusual activity related to the app’s components. 6. Educate users about the risks of installing apps from untrusted sources and the importance of device security to prevent local exploitation. 7. If possible, use Android’s security features such as Work Profiles or sandboxing to isolate apps and reduce the risk of component misuse. 8. Engage with the vendor or community for updates or unofficial patches if the vendor remains unresponsive.