FKIE_CVE-2025-8257

Vulnerability from fkie_nvd - Published: 2025-07-28 05:16 - Updated: 2026-04-29 01:00
Severity
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
References
cna@vuldb.comhttps://github.com/KMov-g/androidapps/blob/main/com.maverick.lobby.mdExploit, Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?ctiid.317845Permissions Required, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.317845Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?submit.623471Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
lobbyuniverse lobby 2.0
lobbyuniverse lobby 2.1
lobbyuniverse lobby 2.2
lobbyuniverse lobby 2.3
lobbyuniverse lobby 2.4
lobbyuniverse lobby 2.5
lobbyuniverse lobby 2.6
lobbyuniverse lobby 2.7
lobbyuniverse lobby 2.8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "0F1D05FA-6480-40A6-B595-9F11DD5D4EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "01577093-A16F-4008-A851-B2953112F7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "FA30D306-2345-4BAC-BDE0-2550E8667EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "E0332CBC-6CFA-409B-B910-FB120B138658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "35AC6945-622C-4425-B914-7BCAF49458D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.5:*:*:*:*:android:*:*",
              "matchCriteriaId": "66AD737F-2931-4D07-86DA-7959CE6DDE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.6:*:*:*:*:android:*:*",
              "matchCriteriaId": "620511EF-0FE1-4F29-8857-DF9171A4E532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.7:*:*:*:*:android:*:*",
              "matchCriteriaId": "B3E70767-F6BA-48E1-ADE2-DBE3B3CCA07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:lobbyuniverse:lobby:2.8.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "2FE6B081-1628-437A-B5C8-ED413B8349FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en la aplicaci\u00f3n Lobby Universe Lobby hasta la versi\u00f3n 2.8.0 en Android. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo AndroidManifest.xml del componente com.maverick.lobby. Esta manipulaci\u00f3n provoca la exportaci\u00f3n incorrecta de componentes de la aplicaci\u00f3n Android. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."
    }
  ],
  "id": "CVE-2025-8257",
  "lastModified": "2026-04-29T01:00:01.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.9,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-28T05:16:20.190",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.maverick.lobby.md"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.317845"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.317845"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.623471"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-926"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.