Closed Source software isn't inherently dangerous, but bad, outdated or malicious code is (which is easier to find on Open Source software). Also you need to know what is dangerous for you and your threat model (e.g. is your "attack surface" about security, privacy or anonymity and who is the attacker?).
That all being said: CX file explorer seems well-regarded, is under active development and I couldn't find any scandals about it on a quick research. According to Exodus it contains 2 Google trackers and wants 16 permissions, 3 of which indicate "dangerous" levels of access (red exclamation mark). For reference some Open Source file managers like Ghost Commander or Amaze want 14 permissions, so it's not unusual for feature rich apps. FireFiles on the other hand is Open Source and requires 11 permissions, but didn't receive updates in over 5 years which I would consider far less secure than an up to date Cx file explorer. You need to figure out if any of your research raises a red flag for you or if you are okay with what your know about your desired app and the control you have over it, especially on GOS. You can mitigate many things by disabling network access, removing unnecessary permissions, restricting battery, using profiles and fine tuning access with storage scopes. Would that work for you if you can't find a good Open Source alternative?
Edit: Typos