{"@ID": "925", "@Name": "Improper Verification of Intent by Broadcast Receiver", "@Abstraction": "Variant", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.", "Extended_Description": "Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.", "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "940", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "Mobile", "@Prevalence": "Undetermined"}}, "Alternate_Terms": {"Alternate_Term": {"Term": "Intent Spoofing"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Architecture and Design"}}, "Common_Consequences": {"Consequence": {"Scope": "Integrity", "Impact": "Gain Privileges or Assume Identity", "Note": "Another application can impersonate the operating system and cause the software to perform an unintended action."}}, "Detection_Methods": {"Detection_Method": {"@Detection_Method_ID": "DM-14", "Method": "Automated Static Analysis", "Description": "Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect \"sources\" (origins of input) with \"sinks\" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)", "Effectiveness": "High"}}, "Potential_Mitigations": {"Mitigation": {"Phase": "Architecture and Design", "Description": "Before acting on the Intent, check the Intent Action to make sure it matches the expected System action."}}, "Demonstrative_Examples": {"Demonstrative_Example": {"Intro_Text": "The following example demonstrates the weakness.", "Example_Code": [{"@Nature": "Bad", "@Language": "XML", "xhtml:div": {"xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": {"xhtml:br": [null, null, null, null, null], "xhtml:i": ["...", "..."], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": {"xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": {"@style": "margin-left:1em;", "#text": "<action android:name=\"android.intent.action.ACTION_SHUTDOWN\" />"}, "#text": "<intent-filter></intent-filter>"}, "#text": "<receiver android:name=\".ShutdownReceiver\"></receiver>"}}, "#text": "<application>\n                           \n                           \n                           \n                           \n                           \n                           \n                           </application>"}}, "#text": "<manifest package=\"com.example.vulnerableApplication\"></manifest>"}}, {"@Nature": "Bad", "@Language": "Java", "xhtml:div": {"xhtml:br": [null, null, null, null, null, null, null], "xhtml:i": ["...", "..."], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": null, "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": null, "#text": "mainActivity.saveLocalData();mainActivity.stopActivity();"}, "#text": "@Overridepublic void onReceive(final Context context, final Intent intent) {}"}, "#text": "IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);BroadcastReceiver sReceiver = new ShutDownReceiver();registerReceiver(sReceiver, filter);\n                     \n                     \n                     public class ShutdownReceiver extends BroadcastReceiver {}"}}, {"@Nature": "Attack", "@Language": "Java", "xhtml:div": "window.location = examplescheme://method?parameter=value"}], "Body_Text": ["The ShutdownReceiver class will handle the intent:", "Because the method does not confirm that the intent action is the expected system intent, any received intent will trigger the shutdown procedure, as shown here:", "An attacker can use this behavior to cause a denial of service."]}}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2025-20972", "Description": "Mobile app store does not properly verify the intent by the broadcast receiver, allowing local attackers to write arbitrary files", "Link": "https://www.cve.org/CVERecord?id=CVE-2025-20972"}, {"Reference": "CVE-2024-10576", "Description": "Mobile device has an application that exposes a broadcast received that allows local attackers to force a factory reset", "Link": "https://www.cve.org/CVERecord?id=CVE-2024-10576"}]}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "499"}}, "References": {"Reference": {"@External_Reference_ID": "REF-922", "@Section": "3.2.1"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Notes": {"Note": {"@Type": "Maintenance", "#text": "This entry will be made more comprehensive in later CWE versions."}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2013-06-24", "Submission_Version": "2.5", "Submission_ReleaseDate": "2013-07-17"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-02-18", "Modification_Version": "2.6", "Modification_ReleaseDate": "2014-02-19", "Modification_Comment": "updated Alternate_Terms, Demonstrative_Examples, Description, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-01-03", "Modification_Version": "3.2", "Modification_ReleaseDate": "2019-01-03", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Applicable_Platforms, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Detection_Factors, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2026-04-30", "Modification_Version": "4.20", "Modification_ReleaseDate": "2026-04-30", "Modification_Comment": "updated Observed_Examples"}]}}
