CWE-926

Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

CVE-2025-9102 (GCVE-0-2025-9102)

Vulnerability from cvelistv5 – Published: 2025-08-18 02:32 – Updated: 2025-08-18 13:08
Title
1&1 Mail & Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components
Summary
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-926 - Improper Export of Android Application Components
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9102",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-18T13:08:47.923464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-18T13:08:52.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.mail.mobile.android.mail.md#steps-to-reproduce"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.mail.mobile.android.mail.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.mail.mobile.android.mail"
          ],
          "product": "mail.com App",
          "vendor": "1\u00261 Mail \u0026 Media",
          "versions": [
            {
              "status": "affected",
              "version": "8.8.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in 1\u00261 Mail \u0026 Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in 1\u00261 Mail \u0026 Media mail.com App 8.8.0 auf Android gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei AndroidManifest.xml der Komponente com.mail.mobile.android.mail. Mittels dem Manipulieren mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T02:32:05.555Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320424 | 1\u00261 Mail \u0026 Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.320424"
        },
        {
          "name": "VDB-320424 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320424"
        },
        {
          "name": "Submit #628264 | 1\u00261 Mail \u0026 Media Inc mail.com(com.mail.mobile.android.mail) 8.8.0 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.628264"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.mail.mobile.android.mail.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.mail.mobile.android.mail.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-17T16:20:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "1\u00261 Mail \u0026 Media mail.com App com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9102",
    "datePublished": "2025-08-18T02:32:05.555Z",
    "dateReserved": "2025-08-17T14:15:42.482Z",
    "dateUpdated": "2025-08-18T13:08:52.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9134 (GCVE-0-2025-9134)

Vulnerability from cvelistv5 – Published: 2025-08-19 10:32 – Updated: 2025-08-19 13:17
Title
AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components
Summary
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."
CWE
  • CWE-926 - Improper Export of Android Application Components
Impacted products
Vendor: AfterShip
Product: Package Tracker App
Affected versions: 5.24.0, 5.24.1
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9134",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-19T13:17:42.438056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-19T13:17:45.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.aftership.AfterShip"
          ],
          "product": "Package Tracker App",
          "vendor": "AfterShip",
          "versions": [
            {
              "status": "affected",
              "version": "5.24.0"
            },
            {
              "status": "affected",
              "version": "5.24.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: \"After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it.\""
        },
        {
          "lang": "de",
          "value": "In AfterShip Package Tracker App bis 5.24.1 auf Android wurde eine Schwachstelle gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei AndroidManifest.xml der Komponente com.aftership.AfterShip. Die Ver\u00e4nderung resultiert in improper export of android application components. Der Angriff muss lokal angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T10:32:06.355Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320514 | AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.320514"
        },
        {
          "name": "VDB-320514 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320514"
        },
        {
          "name": "Submit #615253 | Aftership(https://www.aftership.com/mobile-app) AfterShip 5.24.1 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.615253"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-19T07:27:38.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9134",
    "datePublished": "2025-08-19T10:32:06.355Z",
    "dateReserved": "2025-08-19T05:19:38.014Z",
    "dateUpdated": "2025-08-19T13:17:45.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9135 (GCVE-0-2025-9135)

Vulnerability from cvelistv5 – Published: 2025-08-19 11:02 – Updated: 2025-09-13 15:04
Title
Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components
Summary
A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by "[r]emoving the task affinity of the app so it can't be copied".
CWE
  • CWE-926 - Improper Export of Android Application Components
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9135",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-19T13:16:06.103026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-19T13:16:09.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md#steps-to-reproduce"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SmartRide",
          "vendor": "Verkehrsauskunft \u00d6sterreich",
          "versions": [
            {
              "status": "affected",
              "version": "12.1.1(258)"
            },
            {
              "status": "unaffected",
              "version": "12.1.2(259)"
            }
          ]
        },
        {
          "product": "cleVVVer",
          "vendor": "Verkehrsauskunft \u00d6sterreich",
          "versions": [
            {
              "status": "affected",
              "version": "12.1.1(258)"
            },
            {
              "status": "unaffected",
              "version": "12.1.2(259)"
            }
          ]
        },
        {
          "product": "BusBahnBim",
          "vendor": "Verkehrsauskunft \u00d6sterreich",
          "versions": [
            {
              "status": "affected",
              "version": "12.1.1(258)"
            },
            {
              "status": "unaffected",
              "version": "12.1.2(259)"
            }
          ]
        },
        {
          "product": "Salzburg Verkehr",
          "vendor": "Verkehrsauskunft \u00d6sterreich",
          "versions": [
            {
              "status": "affected",
              "version": "12.1.1(258)"
            },
            {
              "status": "unaffected",
              "version": "12.1.2(259)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Verkehrsauskunft \u00d6sterreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by \"[r]emoving the task affinity of the app so it can\u0027t be copied\"."
        },
        {
          "lang": "de",
          "value": "In Verkehrsauskunft \u00d6sterreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) auf Android ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Verarbeitung der Datei AndroidManifest.xml. Die Bearbeitung verursacht improper export of android application components. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Das Aktualisieren auf Version 12.1.2(259) kann dieses Problem l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-13T15:04:59.517Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320515 | Verkehrsauskunft \u00d6sterreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.320515"
        },
        {
          "name": "VDB-320515 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320515"
        },
        {
          "name": "Submit #615276 | Verkehrsauskunft \u00d6sterreich SmartRide 12.1.1(258) Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.615276"
        },
        {
          "name": "Submit #615278 | Verkehrsauskunft \u00d6sterreich cleVVVer(de.hafas.android.vvv) 12.1.1(258) Task Hijacking (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.615278"
        },
        {
          "name": "Submit #628235 | Verkehrsauskunft \u00d6sterreich BusBahnBim(de.hafas.android.stv) 12.1.1(258) Hijacking (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.628235"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-22T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-13T17:09:52.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Verkehrsauskunft \u00d6sterreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9135",
    "datePublished": "2025-08-19T11:02:06.400Z",
    "dateReserved": "2025-08-19T05:24:49.747Z",
    "dateUpdated": "2025-09-13T15:04:59.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9671 (GCVE-0-2025-9671)

Vulnerability from cvelistv5 – Published: 2025-08-29 19:32 – Updated: 2025-08-29 19:47
Title
UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components
Summary
A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-926 - Improper Export of Android Application Components
Impacted products
Vendor: UAB
Product: Paytend App
Affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9671",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-29T19:46:51.115813Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-29T19:47:00.322Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.passport.cash"
          ],
          "product": "Paytend App",
          "vendor": "UAB",
          "versions": [
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.1.1"
            },
            {
              "status": "affected",
              "version": "2.1.2"
            },
            {
              "status": "affected",
              "version": "2.1.3"
            },
            {
              "status": "affected",
              "version": "2.1.4"
            },
            {
              "status": "affected",
              "version": "2.1.5"
            },
            {
              "status": "affected",
              "version": "2.1.6"
            },
            {
              "status": "affected",
              "version": "2.1.7"
            },
            {
              "status": "affected",
              "version": "2.1.8"
            },
            {
              "status": "affected",
              "version": "2.1.9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in UAB Paytend App bis 2.1.9 auf Android entdeckt. Davon betroffen ist unbekannter Code der Datei AndroidManifest.xml der Komponente com.passport.cash. Durch das Manipulieren mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T19:32:07.703Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321881 | UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321881"
        },
        {
          "name": "VDB-321881 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321881"
        },
        {
          "name": "Submit #637922 | UAB \"PAYTEND EUROPE\" Paytend 2.1.9 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.637922"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.passport.cash.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.passport.cash.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-29T12:17:27.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9671",
    "datePublished": "2025-08-29T19:32:07.703Z",
    "dateReserved": "2025-08-29T10:11:37.007Z",
    "dateUpdated": "2025-08-29T19:47:00.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9672 (GCVE-0-2025-9672)

Vulnerability from cvelistv5 – Published: 2025-08-29 20:02 – Updated: 2025-08-29 20:19
Title
Rejseplanen App de.hafas.android.rejseplanen AndroidManifest.xml improper export of android application components
Summary
A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application components. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor: n/a
Product: Rejseplanen App
Affected versions: 8.2.0, 8.2.1, 8.2.2
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9672",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-29T20:19:28.420928Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-29T20:19:41.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "de.hafas.android.rejseplanen"
          ],
          "product": "Rejseplanen App",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.0"
            },
            {
              "status": "affected",
              "version": "8.2.1"
            },
            {
              "status": "affected",
              "version": "8.2.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application components. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Rejseplanen App bis 8.2.2 wurde eine Schwachstelle gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei AndroidManifest.xml der Komponente de.hafas.android.rejseplanen. Durch Manipulieren mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff ist nur lokal m\u00f6glich. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T20:02:06.578Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321882 | Rejseplanen App de.hafas.android.rejseplanen AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321882"
        },
        {
          "name": "VDB-321882 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321882"
        },
        {
          "name": "Submit #637924 | Rejseplanen Rejseplanen(de.hafas.android.rejseplanen) 8.2.2(141) Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.637924"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.rejseplanen.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.rejseplanen.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-29T12:18:18.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Rejseplanen App de.hafas.android.rejseplanen AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9672",
    "datePublished": "2025-08-29T20:02:06.578Z",
    "dateReserved": "2025-08-29T10:13:14.563Z",
    "dateUpdated": "2025-08-29T20:19:41.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9673 (GCVE-0-2025-9673)

Vulnerability from cvelistv5 – Published: 2025-08-29 20:02 – Updated: 2025-08-29 20:18
Title
Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components
Summary
A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor: Kakao
Product: 헤이카카오 Hey Kakao App
Affected versions: 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.17.4
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9673",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-29T20:17:49.783223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-29T20:18:10.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.kakao.i.connect"
          ],
          "product": "\ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App",
          "vendor": "Kakao",
          "versions": [
            {
              "status": "affected",
              "version": "2.17.0"
            },
            {
              "status": "affected",
              "version": "2.17.1"
            },
            {
              "status": "affected",
              "version": "2.17.2"
            },
            {
              "status": "affected",
              "version": "2.17.3"
            },
            {
              "status": "affected",
              "version": "2.17.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App bis 2.17.4 auf Android ist eine Schwachstelle entdeckt worden. Betroffen ist eine unbekannte Verarbeitung der Datei AndroidManifest.xml der Komponente com.kakao.i.connect. Durch das Beeinflussen mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T20:02:08.396Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321883 | Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321883"
        },
        {
          "name": "VDB-321883 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321883"
        },
        {
          "name": "Submit #637925 | Kakao Corp. Hey Kakao(com.kakao.i.connect) 2.17.4 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.637925"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.kakao.i.connect.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.kakao.i.connect.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-29T12:19:42.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9673",
    "datePublished": "2025-08-29T20:02:08.396Z",
    "dateReserved": "2025-08-29T10:14:10.723Z",
    "dateUpdated": "2025-08-29T20:18:10.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9674 (GCVE-0-2025-9674)

Vulnerability from cvelistv5 – Published: 2025-08-29 20:32 – Updated: 2025-09-03 15:54
Title
Transbyte Scooper News App com.hatsune.eagleee AndroidManifest.xml improper export of android application components
Summary
A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor: Transbyte
Product: Scooper News App
Affected versions: 1.0, 1.1, 1.2
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9674",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T14:56:50.321127Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-03T15:54:53.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md#steps-to-reproduce"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.hatsune.eagleee"
          ],
          "product": "Scooper News App",
          "vendor": "Transbyte",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Transbyte Scooper News App bis 1.2 auf Android gefunden. Betroffen davon ist ein unbekannter Prozess der Datei AndroidManifest.xml der Komponente com.hatsune.eagleee. Durch Beeinflussen mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T20:32:07.088Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321884 | Transbyte Scooper News App com.hatsune.eagleee AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321884"
        },
        {
          "name": "VDB-321884 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321884"
        },
        {
          "name": "Submit #638068 | Transbyte App Scooper News: Local To Globa(com.hatsune.eagleee) 1.2 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.638068"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.hatsune.eagleee.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-29T12:21:21.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Transbyte Scooper News App com.hatsune.eagleee AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9674",
    "datePublished": "2025-08-29T20:32:07.088Z",
    "dateReserved": "2025-08-29T10:16:04.238Z",
    "dateUpdated": "2025-09-03T15:54:53.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9675 (GCVE-0-2025-9675)

Vulnerability from cvelistv5 – Published: 2025-08-29 20:32 – Updated: 2025-09-03 15:54
Title
Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components
Summary
A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor: n/a
Product: Voice Changer App
Affected versions: 1.0, 1.1.0
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9675",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T14:56:19.504203Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-03T15:54:38.911Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.tuyangkeji.changevoice"
          ],
          "product": "Voice Changer App",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized."
        },
        {
          "lang": "de",
          "value": "In Voice Changer App bis 1.1.0 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei AndroidManifest.xml der Komponente com.tuyangkeji.changevoice. Die Bearbeitung verursacht improper export of android application components. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T20:32:09.227Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321887 | Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321887"
        },
        {
          "name": "VDB-321887 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321887"
        },
        {
          "name": "Submit #638073 | Voice Changer \u0026 Voice Recorder \u0026 Sound Effects Voice Changer - Sound Effects(com.tuyangkeji.changevoice) 1.1.0 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.638073"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-29T12:30:36.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9675",
    "datePublished": "2025-08-29T20:32:09.227Z",
    "dateReserved": "2025-08-29T10:25:30.375Z",
    "dateUpdated": "2025-09-03T15:54:38.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9676 (GCVE-0-2025-9676)

Vulnerability from cvelistv5 – Published: 2025-08-29 21:02 – Updated: 2025-09-03 15:54
Title
NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components
Summary
A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor: NCSOFT
Product: Universe App
Affected versions: 1.0, 1.1, 1.2, 1.3.0
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9676",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T14:55:34.044345Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-03T15:54:23.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.ncsoft.universeapp"
          ],
          "product": "Universe App",
          "vendor": "NCSOFT",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in NCSOFT Universe App bis 1.3.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei AndroidManifest.xml der Komponente com.ncsoft.universeapp. Dank der Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T21:02:05.597Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321888 | NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321888"
        },
        {
          "name": "VDB-321888 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321888"
        },
        {
          "name": "Submit #638074 | NCSOFT UNIVERSE(com.ncsoft.universeapp) 1.3.0 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.638074"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-29T12:32:43.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9676",
    "datePublished": "2025-08-29T21:02:05.597Z",
    "dateReserved": "2025-08-29T10:27:39.191Z",
    "dateUpdated": "2025-09-03T15:54:23.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9677 (GCVE-0-2025-9677)

Vulnerability from cvelistv5 – Published: 2025-08-29 21:02 – Updated: 2025-09-02 15:20
Title
Modo Legend of the Phoenix com.duige.hzw.multilingual AndroidManifest.xml improper export of android application components
Summary
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-926 - Improper Export of Android Application Components
Impacted products
Vendor: Modo
Product: Legend of the Phoenix
Affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5
Credits
fxizenta (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9677",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T14:54:51.219201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T15:20:21.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md#steps-to-reproduce"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "com.duige.hzw.multilingual"
          ],
          "product": "Legend of the Phoenix",
          "vendor": "Modo",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            },
            {
              "status": "affected",
              "version": "1.0.1"
            },
            {
              "status": "affected",
              "version": "1.0.2"
            },
            {
              "status": "affected",
              "version": "1.0.3"
            },
            {
              "status": "affected",
              "version": "1.0.4"
            },
            {
              "status": "affected",
              "version": "1.0.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "fxizenta (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Modo Legend of the Phoenix bis 1.0.5 entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei AndroidManifest.xml der Komponente com.duige.hzw.multilingual. Dank Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-926",
              "description": "Improper Export of Android Application Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T21:02:07.682Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321889 | Modo Legend of the Phoenix com.duige.hzw.multilingual AndroidManifest.xml improper export of android application components",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.321889"
        },
        {
          "name": "VDB-321889 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321889"
        },
        {
          "name": "Submit #638078 | Modo Global Legend of the Phoenix (com.duige.hzw.multilingual) 1.0.5 Task Hijacking",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.638078"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/KMov-g/androidapps/blob/main/com.duige.hzw.multilingual.md#steps-to-reproduce"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-29T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-29T12:34:09.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Modo Legend of the Phoenix com.duige.hzw.multilingual AndroidManifest.xml improper export of android application components"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9677",
    "datePublished": "2025-08-29T21:02:07.682Z",
    "dateReserved": "2025-08-29T10:28:58.703Z",
    "dateUpdated": "2025-09-02T15:20:21.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Build and Compilation

Strategy: Attack Surface Reduction

Description:

  • Explicitly mark components that do not need to be shared with other applications as android:exported="false" in the application manifest.

Mitigation

Phase: Build and Compilation

Strategy: Attack Surface Reduction

Description:

  • If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the XML manifest to restrict access to applications signed by you.

Mitigation

Phases: Build and Compilation, Architecture and Design

Strategy: Attack Surface Reduction

Description:

  • Limit Content Provider permissions (read/write) as appropriate.

Mitigation

Phases: Build and Compilation, Architecture and Design

Strategy: Separation of Privilege

Description:

  • Limit Content Provider permissions (read/write) as appropriate.

No CAPEC attack patterns related to this CWE.
