Untrusted Apps Force Arbitrary File Downloads to Trusted Storage

CVE-2025-68713 affects Rakuten Send Anywhere on Android, where untrusted applications with no special permissions can exploit the app to force arbitrary file downloads into its scoped storage directory. The downloaded files then appear in the application's trusted "Received" interface, creating a false sense of legitimacy. This vulnerability is particularly dangerous because it can be leveraged for arbitrary code execution when the payload is an APK file, or to trigger denial-of-service conditions through resource exhaustion. Any Android user with this application installed is potentially at risk from malicious actors who can abuse this mechanism without requiring elevated permissions.

While CVE-2025-68713 does not map to specific MITRE ATT&CK techniques in the vulnerability record, Casky's platform would detect the underlying attack patterns through behavioral analysis of file operations and application interaction anomalies. Although zero Casky skills currently match this CVE's CWE-926 classification, practitioners using Casky's extended reasoning capabilities would identify suspicious patterns such as: unexpected file writes to application directories from unprivileged contexts, abnormal inter-process communication between untrusted apps and trusted applications, and potential APK staging in accessible storage locations. Security teams should monitor for these behavioral indicators and use Casky's skill framework to hunt for similar privilege escalation and code injection patterns across their Android threat landscape.