Search
Find a vulnerability
Search criteria
2 vulnerabilities by yintibao
CVE-2025-15464 (GCVE-0-2025-15464)
Vulnerability from nvd – Published: 2026-01-08 21:01 – Updated: 2026-01-08 23:04
VLAI
Title
KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking
Summary
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001… | third-party-advisory |
| https://korelogic.com/Resources/Advisories/KL-001… | exploit |
| http://seclists.org/fulldisclosure/2026/Jan/12 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yintibao | Fun Print Mobile |
Affected:
6.05.15
(semver)
|
Date Public
2026-01-08 20:55
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15464",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T21:29:21.276464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T21:31:51.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2026-001.poc.js.txt"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-08T23:04:12.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2026/Jan/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Android"
],
"product": "Fun Print Mobile",
"vendor": "yintibao",
"versions": [
{
"status": "affected",
"version": "6.05.15",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yintibao:fun_print_mobile:6.05.15:*:android:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Segoviano of KoreLogic, Inc."
}
],
"datePublic": "2026-01-08T20:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "CWE-926 Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T21:01:31.240Z",
"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"shortName": "KoreLogic"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2026-001.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"assignerShortName": "KoreLogic",
"cveId": "CVE-2025-15464",
"datePublished": "2026-01-08T21:01:31.240Z",
"dateReserved": "2026-01-05T20:33:47.411Z",
"dateUpdated": "2026-01-08T23:04:12.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15464 (GCVE-0-2025-15464)
Vulnerability from cvelistv5 – Published: 2026-01-08 21:01 – Updated: 2026-01-08 23:04
VLAI
Title
KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking
Summary
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001… | third-party-advisory |
| https://korelogic.com/Resources/Advisories/KL-001… | exploit |
| http://seclists.org/fulldisclosure/2026/Jan/12 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yintibao | Fun Print Mobile |
Affected:
6.05.15
(semver)
|
Date Public
2026-01-08 20:55
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15464",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T21:29:21.276464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T21:31:51.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2026-001.poc.js.txt"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-08T23:04:12.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2026/Jan/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Android"
],
"product": "Fun Print Mobile",
"vendor": "yintibao",
"versions": [
{
"status": "affected",
"version": "6.05.15",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yintibao:fun_print_mobile:6.05.15:*:android:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Segoviano of KoreLogic, Inc."
}
],
"datePublic": "2026-01-08T20:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "CWE-926 Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T21:01:31.240Z",
"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"shortName": "KoreLogic"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2026-001.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"assignerShortName": "KoreLogic",
"cveId": "CVE-2025-15464",
"datePublished": "2026-01-08T21:01:31.240Z",
"dateReserved": "2026-01-05T20:33:47.411Z",
"dateUpdated": "2026-01-08T23:04:12.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}