AIKIDO-2025-10506

react-native-share is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Pre-CVE: Found by Aikido Intel before public disclosure or CVE publication.
Published Jul 29, 2025

Risk score: 78 (High Risk)

This Affects:

react-native-share (JS)
Affected versions: 3.2.0 - 12.1.0
Fixed in 12.1.1

TL;DR

Affected versions of this package may expose sensitive information due to the use of <root-path path="." /> in share_download_paths.xml. This configuration grants access to the app’s entire internal storage directory, potentially exposing files and subdirectories that were intended to remain private. As a result, other apps or users may gain unauthorized access to sensitive data such as configuration files, cached content, or authentication tokens. This constitutes a violation of access boundaries, exposing internal resources to a broader and unintended audience.

Who does this affect?

You are affected if you are using a version of react-native-share that falls within the vulnerable range, 3.2.0 - 12.1.0.
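
An added audit helper, not code from react-native-share or from Aikido: it checks an installed version against the range above and lists any <root-path> entries in a FileProvider paths file such as share_download_paths.xml. The function names, the sample XML, its name attributes and its cache-path entry are constructed for illustration.

```javascript
// Added example: audit helper, not code from react-native-share or Aikido.
// The version range and the <root-path path="." /> entry come from the advisory.

const AFFECTED_MIN = [3, 2, 0];
const AFFECTED_MAX = [12, 1, 0];

// Parse "12.1.0" or "v12.1.0" into [major, minor, patch]; null if not parseable.
function parseVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(text));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when an installed version lies in the advisory's range 3.2.0 - 12.1.0.
function isAffectedVersion(installed) {
  const v = parseVersion(installed);
  if (!v) throw new Error(`unparseable version: ${installed}`);
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, AFFECTED_MAX) <= 0;
}

// Return every <root-path> element in a FileProvider paths XML, ignoring comments.
function findRootPaths(xml) {
  const withoutComments = xml.replace(/<!--[\s\S]*?-->/g, "");
  const findings = [];
  const tagRe = /<root-path\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(withoutComments)) !== null) {
    const attr = /\bpath\s*=\s*(["'])(.*?)\1/.exec(m[1]);
    findings.push({ element: m[0], path: attr ? attr[2] : null });
  }
  return findings;
}

// Constructed sample input, modelled on the entry the advisory names.
const SAMPLE_XML = `<?xml version="1.0" encoding="utf-8"?>
<paths>
  <!-- <root-path name="old" path="/" /> -->
  <root-path name="root" path="." />
  <cache-path name="share" path="share/" />
</paths>`;

console.log(isAffectedVersion("12.1.0"), findRootPaths(SAMPLE_XML));
```

Pass the version recorded in your lockfile to isAffectedVersion and the contents of the merged paths resource to findRootPaths; an empty result from the latter means no <root-path> entry was found in that file.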

Background info

react-native-share is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in versions 3.2.0 - 12.1.0.

How to fix this

Upgrade the react-native-share library to the patched version, 12.1.1.