PatchSiren cyber security CVE debrief
CVE-2025-68713 Rakuten CVE debrief
CVE-2025-68713 is a vulnerability in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) version 23.2.9. The issue allows untrusted applications, with no required permissions, to force the download of arbitrary files into the app's scoped storage. These files then appear in the app's trusted Received interface. This condition can be exploited for arbitrary code execution if the downloaded payload is an APK file. Alternatively, it can lead to a denial-of-service (DoS) condition through resource exhaustion caused by oversized file transfers.
- Vendor
- Rakuten
- Product
- Send Anywhere (File Transfer) for Android
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Rakuten Send Anywhere (File Transfer) for Android version 23.2.9, administrators of networks where this app is used, and security teams responsible for managing vulnerabilities in mobile applications.
Technical summary
The vulnerability exists due to insufficient validation of file downloads within the Rakuten Send Anywhere app. Untrusted apps can exploit this by forcing downloads of arbitrary files, including potentially malicious APKs, into the app's storage. This can occur without the need for any special permissions, making it a significant risk.
Defensive priority
High
Recommended defensive actions
- Update Rakuten Send Anywhere (File Transfer) for Android to a version that fixes this vulnerability.
- Restrict the installation of untrusted applications on devices where Rakuten Send Anywhere is used.
- Monitor network traffic and device logs for suspicious activity related to file downloads and app installations.
- Consider implementing mobile device management (MDM) solutions to enforce security policies on mobile devices.
Evidence notes
The CVE record for CVE-2025-68713 was published and last modified on June 15, 2026. The vulnerability details were sourced from official CVE and NVD sources.
Official resources
-
CVE-2025-68713 CVE record
CVE.org
-
CVE-2025-68713 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-68713 was published on 2026-06-15T20:16:24.703Z and last modified on the same date.