CVE-2025-57452
MEDIUMrealme BackupRestore 15.1.12_2810c08_250314 - Cross-Site Scripting via ADB Intent URI Scheme
Title source: llmDescription
In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents.
References (2)
Core 2
Core References
Product
http://realme.com/
Third Party Advisory
https://gist.github.com/Brucewebva/8a37010c5b1f05fd5e61591830bcbb37
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
15.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
realme/clone_phone
15.11.2_281008_250314
Published
Sep 18, 2025
Tracked Since
Feb 18, 2026