Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Universe App by NCSOFT

    CVE-2025-9676 (GCVE-0-2025-9676)

    Vulnerability from nvd – Published: 2025-08-29 21:02 – Updated: 2025-09-03 15:54
    VLAI
    Title
    NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components
    Summary
    A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    NCSOFT Universe App Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3.0
    Create a notification for this product.
    Credits
    fxizenta (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9676",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T14:55:34.044345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T15:54:23.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "com.ncsoft.universeapp"
              ],
              "product": "Universe App",
              "vendor": "NCSOFT",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "fxizenta (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in NCSOFT Universe App bis 1.3.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei AndroidManifest.xml der Komponente com.ncsoft.universeapp. Dank der Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "Improper Export of Android Application Components",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-29T21:02:05.597Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321888 | NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.321888"
            },
            {
              "name": "VDB-321888 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321888"
            },
            {
              "name": "Submit #638074 | NCSOFT UNIVERSE(com.ncsoft.universeapp) 1.3.0 Task Hijacking",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.638074"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-29T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-29T12:32:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9676",
        "datePublished": "2025-08-29T21:02:05.597Z",
        "dateReserved": "2025-08-29T10:27:39.191Z",
        "dateUpdated": "2025-09-03T15:54:23.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9676 (GCVE-0-2025-9676)

    Vulnerability from cvelistv5 – Published: 2025-08-29 21:02 – Updated: 2025-09-03 15:54
    VLAI
    Title
    NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components
    Summary
    A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    NCSOFT Universe App Affected: 1.0
    Affected: 1.1
    Affected: 1.2
    Affected: 1.3.0
    Create a notification for this product.
    Credits
    fxizenta (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9676",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T14:55:34.044345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T15:54:23.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "com.ncsoft.universeapp"
              ],
              "product": "Universe App",
              "vendor": "NCSOFT",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.1"
                },
                {
                  "status": "affected",
                  "version": "1.2"
                },
                {
                  "status": "affected",
                  "version": "1.3.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "fxizenta (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in NCSOFT Universe App bis 1.3.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei AndroidManifest.xml der Komponente com.ncsoft.universeapp. Dank der Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-926",
                  "description": "Improper Export of Android Application Components",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-29T21:02:05.597Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321888 | NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.321888"
            },
            {
              "name": "VDB-321888 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321888"
            },
            {
              "name": "Submit #638074 | NCSOFT UNIVERSE(com.ncsoft.universeapp) 1.3.0 Task Hijacking",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.638074"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-29T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-29T12:32:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9676",
        "datePublished": "2025-08-29T21:02:05.597Z",
        "dateReserved": "2025-08-29T10:27:39.191Z",
        "dateUpdated": "2025-09-03T15:54:23.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }