Severity by source
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
AnalysisAI
Arbitrary file overwrite in UXGROUP LLC Voice Recorder v10.0 allows remote attackers to overwrite critical internal files through the file import mechanism, enabling arbitrary code execution or sensitive information exposure. No CVSS score, EPSS data, or KEV status was available at analysis time; exploitation likelihood cannot be quantified from standard metrics, but the presence of publicly documented vulnerability research suggests active security scrutiny.
Technical ContextAI
The vulnerability exists in the file import process of Voice Recorder v10.0, where insufficient input validation or path traversal protections permit attackers to manipulate file paths during import operations. This class of vulnerability typically involves CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal') or CWE-434 (Unrestricted Upload of File with Dangerous Type). The attack vector targets the application's file handling logic, allowing an attacker to write arbitrary content to locations outside the intended import directory. The dual impact (RCE and information disclosure) suggests the application either executes imported code paths or stores sensitive configuration data that becomes accessible when overwritten.
RemediationAI
Primary remediation requires upgrading UXGROUP LLC Voice Recorder beyond version 10.0; however, no specific patched version number was identified in the available references. Users should immediately cease use of Voice Recorder v10.0 for untrusted file imports and monitor the official source (http://voice.com) and vendor advisory channels for a security update. As an interim mitigation, restrict file import functionality to trusted sources only and avoid importing files from untrusted users until a patch is confirmed available. Consult the vendor's security advisory and the public vulnerability documentation at https://github.com/Secsys-FDU/AF_CVEs/issues/25 for additional technical details and any temporary workarounds.
More in Voice Recorder
View allImproper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access record
Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02
Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02
Same weakness CWE-73 – External Control of File Name or Path
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17520
GHSA-fgxv-26q5-6xq2