Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-68713

CVE-2025-68713: Rakuten Send Anywhere RCE Vulnerability

CVE-2025-68713 is a remote code execution flaw in Rakuten Send Anywhere for Android that allows untrusted apps to force malicious file downloads. This article covers technical details, affected versions, impact, and mitigation.

Published:

CVE-2025-68713 Overview

CVE-2025-68713 affects Rakuten Send Anywhere (File Transfer) for Android, package com.estmob.android.sendanywhere version 23.2.9. The vulnerability allows untrusted applications without any granted permissions to force arbitrary file downloads into the app's scoped storage. Downloaded files then appear in the application's trusted Received interface, blurring the trust boundary between attacker-supplied content and user-initiated transfers. The flaw is categorized under [CWE-926], improper export of Android application components.

Critical Impact

A co-resident malicious app can plant APK payloads or oversized files inside Send Anywhere's trusted received list, enabling arbitrary code execution paths and denial-of-service through resource exhaustion.

Affected Products

  • Rakuten Send Anywhere (File Transfer) for Android com.estmob.android.sendanywhere version 23.2.9
  • Android installations running the affected package
  • Devices where untrusted applications can interact with exported components of the affected app

Discovery Timeline

  • 2026-06-15 - CVE-2025-68713 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-68713

Vulnerability Analysis

The issue resides in how Send Anywhere exposes file-transfer entry points to other applications on the device. A second app installed on the same Android device, holding no permissions, can invoke an exported component and cause Send Anywhere to write attacker-controlled content into its scoped storage. The transferred files are then enumerated in the application's Received interface, which users treat as a trusted source of incoming transfers.

Two follow-on impacts are documented. If the attacker delivers an APK file, the user may install it from the trusted view, producing an arbitrary code execution path. If the attacker delivers an oversized payload, scoped storage and processing pipelines exhaust device resources, producing a denial-of-service condition.

Root Cause

The root cause is an improperly exported Android component that accepts file-write operations from arbitrary callers without validating origin or content. Mapping to [CWE-926], the affected component lacks the permission gating and signature checks required to constrain inter-process communication on Android.

Attack Vector

Exploitation requires a malicious application to be installed on the same device. That application sends a crafted Intent or invokes the exported interface to instruct Send Anywhere to retrieve and store an attacker-chosen file. User interaction is required to open or install the resulting file from the Received view, which the attack abuses through trust transference.

No verified exploit code is published. Proof-of-concept material is hosted in the GitHub PoC Repository.

Detection Methods for CVE-2025-68713

Indicators of Compromise

  • Unexpected APK files or unusually large files appearing in the Send Anywhere Received list without a corresponding user-initiated transfer.
  • Recently installed third-party apps that issue Intents targeting com.estmob.android.sendanywhere exported components.
  • Sudden growth of the Send Anywhere scoped storage directory or device storage exhaustion alerts.

Detection Strategies

  • Inspect Android logs and Intent traces for cross-application invocations of Send Anywhere components originating from non-user processes.
  • Use mobile threat defense tooling to flag apps that programmatically push files into other applications' scoped storage.
  • Audit installed package lists on managed devices for the vulnerable version 23.2.9 of com.estmob.android.sendanywhere.

Monitoring Recommendations

  • Monitor enterprise mobility management (EMM) inventories for the affected package version and alert on its presence.
  • Track installation events that originate from files surfaced through the Send Anywhere Received interface.
  • Forward Android security logs to a centralized analytics platform to correlate IPC anomalies across the fleet.

How to Mitigate CVE-2025-68713

Immediate Actions Required

  • Update Rakuten Send Anywhere to a fixed release once published by the vendor.
  • Remove or disable the vulnerable version 23.2.9 of com.estmob.android.sendanywhere on managed devices until a patch is available.
  • Instruct users not to install APK files or open large transfers that appear in the Received view without verifying their origin.

Patch Information

No vendor advisory or fixed version is listed in the NVD record at the time of publication. Administrators should consult the Google Play listing for com.estmob.android.sendanywhere and apply the next vendor update that supersedes version 23.2.9. Refer to the GitHub PoC Repository for technical detail used to validate fixes.

Workarounds

  • Uninstall Send Anywhere from devices that do not require its functionality until a patched build is released.
  • Enforce mobile application management policies that block installation of APK files from non-Google-Play sources.
  • Restrict sideloading and require signature verification for any APK delivered through third-party file-sharing apps.
bash
# Configuration example: identify the vulnerable package on managed Android devices via ADB
adb shell pm list packages -f | grep com.estmob.android.sendanywhere
adb shell dumpsys package com.estmob.android.sendanywhere | grep versionName
# Remove the vulnerable package if present
adb uninstall com.estmob.android.sendanywhere

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.