1. Home
  2. CWE Database
  3. CWE-925
Variant · Low-Medium

CWE-925: Improper Verification of Intent by Broadcast Receiver

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

CWE-925 · Variant Level ·2 CVEs ·1 Mitigations

Description

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.

Potential Impact

Integrity

Gain Privileges or Assume Identity

Demonstrative Examples

The following example demonstrates the weakness.
Bad
<manifest package="com.example.vulnerableApplication">
                        <application>
                           ...
                           
                           
                              <receiver android:name=".ShutdownReceiver"><intent-filter><action android:name="android.intent.action.ACTION_SHUTDOWN" /></intent-filter></receiver>
                           
                           
                           ...
                           
                           </application>
                     </manifest>
The ShutdownReceiver class will handle the intent:
Bad
...
                     IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);BroadcastReceiver sReceiver = new ShutDownReceiver();registerReceiver(sReceiver, filter);
                     ...
                     
                     public class ShutdownReceiver extends BroadcastReceiver {@Overridepublic void onReceive(final Context context, final Intent intent) {mainActivity.saveLocalData();mainActivity.stopActivity();}}
Because the method does not confirm that the intent action is the expected system intent, any received intent will trigger the shutdown procedure, as shown here:
Attack
window.location = examplescheme://method?parameter=value
An attacker can use this behavior to cause a denial of service.

Mitigations & Prevention

Architecture and Design

Before acting on the Intent, check the Intent Action to make sure it matches the expected System action.

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE IDDescription
CVE-2025-20972Mobile app store does not properly verify the intent by the broadcast receiver, allowing local attackers to write arbitrary files
CVE-2024-10576Mobile device has an application that exposes a broadcast received that allows local attackers to force a factory reset

CWE-940: Improper Verification of Source of a Communication Channel

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but i...

Frequently Asked Questions

What is CWE-925?

CWE-925 (Improper Verification of Intent by Broadcast Receiver) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

How can CWE-925 be exploited?

Attackers can exploit CWE-925 (Improper Verification of Intent by Broadcast Receiver) to gain privileges or assume identity. This weakness is typically introduced during the Architecture and Design phase of software development.

How do I prevent CWE-925?

Key mitigations include: Before acting on the Intent, check the Intent Action to make sure it matches the expected System action.

What is the severity of CWE-925?

CWE-925 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 2 real-world CVEs.