CVE-2025-14699
Description
A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. It affects unknown code of the component biz.faxapp.app, and manipulation of that component leads to path traversal. The attack must be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The FAX App 3.27.0 for Android has a path traversal vulnerability allowing local attackers to write arbitrary files into the app's internal storage, breaking sandbox isolation.
Vulnerability
Details
The FAX App (biz.faxapp.app) version 3.27.0 on Android suffers from a path traversal vulnerability in its file import mechanism. The component biz.faxapp.app.ui.main.MainActivity performs insufficient security checks when handling file URIs, allowing an attacker to control both the filename and content via path traversal sequences such as ../ [1]. This enables writing files to arbitrary locations within the app's internal storage.
Exploitation
Exploitation is local and requires the attacker to install a malicious app on the same device. The malicious app sends a crafted ACTION_VIEW intent to the FAX App's main activity with a URI containing path traversal in the _display_name parameter. When the victim opens the malicious app, it automatically triggers the intent without further user interaction, causing the FAX App to write files controlled by the attacker [1].
Impact
An attacker can write arbitrary files, potentially overwriting sensitive configuration files or injecting malicious content. By writing a large number of oversized files, the attacker can cause denial of service by exhausting the app's storage or memory. This breaks Android's sandbox isolation and compromises data integrity and availability [1].
Mitigation
As of the publication date, the vendor (MUNICORN LIMITED) has not responded to the disclosure, and no patch is available. Users are advised to uninstall or disable the FAX App until a fix is released. Additionally, avoid installing untrusted apps that may exploit this vulnerability [1].
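For developers of apps that import files from another app's URI, the check the Details section describes as insufficient can look like the following. This is an added example, not code from the FAX App or from the cited reference; the class name, method names and sample paths are hypothetical, and it uses only java.io so it also runs off-device.

```java
import java.io.File;
import java.io.IOException;

// Added illustration; all names here are hypothetical, not taken from the FAX App.
public class SafeImportName {

    // Pattern the advisory describes: the sender-supplied display name is joined
    // to the import directory unchanged, so "../" leaves that directory.
    static File naiveTarget(File importDir, String displayName) {
        return new File(importDir, displayName);
    }

    // Hardened form: accept only a plain file name, then confirm that the
    // canonical target is still inside the canonical import directory.
    static File safeTarget(File importDir, String displayName) throws IOException {
        if (displayName == null || displayName.isEmpty()
                || displayName.equals(".") || displayName.equals("..")
                || displayName.indexOf('/') >= 0 || displayName.indexOf('\\') >= 0
                || displayName.indexOf('\0') >= 0) {
            throw new IOException("rejected display name: " + displayName);
        }
        File base = importDir.getCanonicalFile();
        File target = new File(base, displayName).getCanonicalFile();
        // Path.startsWith compares whole path elements, so "imports2" does not match "imports".
        if (!target.toPath().startsWith(base.toPath())) {
            throw new IOException("target escapes import directory: " + displayName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed directory and display names for the demonstration.
        File importDir = new File(System.getProperty("java.io.tmpdir"), "app/cache/imports");
        String[] names = { "fax.pdf", "../../shared_prefs/settings.xml", "..", "a/../../files/x" };
        for (String n : names) {
            System.out.println("naive: " + naiveTarget(importDir, n).getCanonicalPath());
            try {
                System.out.println("safe:  " + safeTarget(importDir, n).getPath());
            } catch (IOException e) {
                System.out.println("safe:  " + e.getMessage());
            }
        }
    }
}
```

Generating the stored file name inside the app and keeping the sender's display name only as a label removes the dependency on this validation altogether.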
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 4
News mentions: 0
0No linked articles in our index yet.