CVE-2025-68713

216.73.217.22

· Published 15/06/2026 22:16 · Modified 16/06/2026 15:51 · Author: The MITRE Corporation

Labels: CVE-2025-68713 2026-06-15 CVE-2025-68713 CWE-926 [email protected]

Essential information

Published: 15/06/2026 22:16
Modified: 16/06/2026 15:51
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 8.0 HIGH (v3.1)
CISA KEV: No
CWE: CWE-926
EPSS (First): P6.2% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00166)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
estmob / sendanywhere	`cpe:2.3:a:estmob:sendanywhere:23.2.9:::::::*`