Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
8Blast Radius
ecosystem impact- 1 maven packages depend on org.apktool:apktool-lib (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 3.0.0.
DescriptionGitHub Advisory
Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding (apktool d). This is a security regression introduced in commit e10a045 (PR #4041, December 12, 2025), which removed the BrutIO.sanitizePath() call that previously prevented path traversal in resource file output paths. An attacker can embed ../ sequences in the resources.arsc Type String Pool to escape the output directory and write files to arbitrary locations, including ~/.ssh/config, ~/.bashrc, or Windows Startup folders, escalating to RCE. The fix in version 3.0.2 re-introduces BrutIO.sanitizePath() in ResFileDecoder.java before file write operations.
AnalysisAI
Path traversal in Apktool 3.0.0-3.0.1 enables malicious APK files to write arbitrary files during decoding operations, potentially achieving remote code execution by overwriting shell configuration files or startup scripts. This security regression, introduced December 12, 2025 when sanitization controls were removed from resource decoder logic, allows attackers to embed directory traversal sequences in APK metadata that escape output directories and target critical system files like ~/.ssh/config or Windows Startup folders. CVSS 7.1 with local attack vector and required user interaction. No active exploitation (CISA KEV) or public POC identified at time of analysis, but exploit development is straightforward given the detailed technical disclosure in GitHub advisory GHSA-m8mh-x359-vm8m.
Technical ContextAI
Apktool is a widely-used reverse engineering framework for Android APK files, enabling security researchers and developers to decode application resources and reassemble modified packages. The vulnerability resides in the resource file decoder component (brut/androlib/res/decoder/ResFileDecoder.java), which processes the resources.arsc file - a binary archive containing all compiled resources (strings, layouts, images) indexed by Type String Pools. During normal apktool d decoding operations, the tool extracts resource names from these string pools and writes corresponding files to the output directory. The CWE-22 path traversal flaw allows malicious APK authors to inject ../ sequences into resource file paths stored within the resources.arsc Type String Pool. When processed without sanitization, these sequences cause file writes to escape the intended output directory. Commit e10a045 (PR #4041) inadvertently removed the BrutIO.sanitizePath() validation function that previously normalized paths and stripped traversal attempts, creating a window between December 2025 and the 3.0.2 patch release where all resource extraction operations became vulnerable to directory escape attacks.
RemediationAI
Immediately upgrade to Apktool version 3.0.2 or later, available at https://github.com/iBotPeaches/Apktool/releases/tag/v3.0.2, which re-implements path sanitization controls in ResFileDecoder.java to prevent directory traversal during resource extraction. Organizations unable to upgrade immediately should implement the following compensating controls with noted trade-offs: (1) Execute all apktool d operations within containerized environments (Docker, Podman) or virtual machines with isolated filesystems, preventing escape to host system directories but adding operational overhead to analysis workflows. (2) Run Apktool under restricted user accounts with write permissions limited to dedicated output directories outside user home folders, mitigating SSH config and shell profile overwrites but not preventing writes to permitted paths. (3) Deploy mandatory access control systems (SELinux, AppArmor) with policies restricting Apktool file write operations to explicitly whitelisted paths, requiring security expertise to configure correctly and potentially breaking legitimate resource extraction to unexpected locations. (4) Process only APK files from explicitly trusted sources and avoid decoding samples from malware repositories, app stores, or unknown origins without sandboxing, though this limits security research capabilities. For automated analysis pipelines, implement pre-processing validation that inspects resources.arsc Type String Pools for path traversal sequences (../, .\, absolute paths) before invoking Apktool, with the caveat that sophisticated obfuscation may bypass string-based detection. The vendor patch is the only complete mitigation; all workarounds carry operational or security limitations.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24043
GHSA-m8mh-x359-vm8m