realme BackupRestore App Improper URI Scheme Handling Vulnerability Allowing Crash and Potential XSS

Vulnerability

A vulnerability has been identified in the realme BackupRestore application, version 15.1.12_2810c08_250314. The issue arises from improper handling of URI schemes in the 'com.coloros.pc.PcToolMainActivity' component. This vulnerability allows local attackers to craft ADB intents that can cause the application to crash and potentially lead to cross-site scripting (XSS) attacks.

Impact

Exploitation of this vulnerability can cause the application to crash and introduce cross-site scripting (XSS) vulnerabilities.

Added: Sep 18, 2025, 4:13 PM

Updated: Sep 18, 2025, 9:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

2.8

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

2.8

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

realme BackupRestore App Improper URI Scheme Handling Vulnerability Allowing Crash and Potential XSS

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating