Common Weakness Enumeration

CWE-926

Allowed

Improper Export of Android Application Components

Abstraction: Variant · Status: Incomplete

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

147 vulnerabilities reference this CWE, most recent first.

GHSA-8GRM-Q26G-C368

Vulnerability from github – Published: 2025-08-04 21:30 – Updated: 2025-08-04 21:30
VLAI
Details

A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-04T20:15:31Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-8grm-q26g-c368",
  "modified": "2025-08-04T21:30:43Z",
  "published": "2025-08-04T21:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8523"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.fruitcrush.fun.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.318649"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.318649"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.619035"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8H69-QHJ8-JP44

Vulnerability from github – Published: 2023-05-04 21:30 – Updated: 2024-04-04 03:48
VLAI
Details

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21485"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-04T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.",
  "id": "GHSA-8h69-qhj8-jp44",
  "modified": "2024-04-04T03:48:19Z",
  "published": "2023-05-04T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21485"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GV2-XGVF-CJ9J

Vulnerability from github – Published: 2025-08-04 21:30 – Updated: 2025-08-04 21:30
VLAI
Details

A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8524"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-04T20:15:32Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-9gv2-xgvf-cj9j",
  "modified": "2025-08-04T21:30:43Z",
  "published": "2025-08-04T21:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8524"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.boquanhash.dotwallet.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.318650"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.318650"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.619037"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9M9C-M3M8-59VC

Vulnerability from github – Published: 2025-05-30 18:31 – Updated: 2025-06-10 09:30
VLAI
Details

Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a ”com.pri.factorytest.emmc.FactoryResetService“ service allowing any application to perform a factory reset of the device.  Application update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and most probably March 2025 (Krüger&Matz, although the vendor has not confirmed it, so newer releases might be vulnerable as well).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-30T16:15:35Z",
    "severity": "MODERATE"
  },
  "details": "Android based smartphones from vendors such as Ulefone and\u00a0Kr\u00fcger\u0026Matz contain \"com.pri.factorytest\" application preloaded onto devices during manufacturing process.\nThe application\u00a0\"com.pri.factorytest\"\u00a0(version name: 1.0, version code: 1)\u00a0exposes a \u201dcom.pri.factorytest.emmc.FactoryResetService\u201c service allowing any application to perform a factory reset of the device.\u00a0\nApplication update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and most probably March 2025 (Kr\u00fcger\u0026Matz, although the vendor has not confirmed it, so newer releases might be vulnerable as well).",
  "id": "GHSA-9m9c-m3m8-59vc",
  "modified": "2025-06-10T09:30:30Z",
  "published": "2025-05-30T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13915"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2025/05/CVE-2024-13915"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9R2Q-7JGQ-5XJC

Vulnerability from github – Published: 2025-09-04 21:31 – Updated: 2025-09-05 18:31
VLAI
Details

In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T19:15:37Z",
    "severity": "HIGH"
  },
  "details": "In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device\u0027s location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
  "id": "GHSA-9r2q-7jgq-5xjc",
  "modified": "2025-09-05T18:31:19Z",
  "published": "2025-09-04T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32347"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/25cfacbe5ac2423b8fe1375e0593ef69e98b8d09"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2025-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9V3X-RMCF-RHP4

Vulnerability from github – Published: 2025-08-19 12:31 – Updated: 2026-04-29 04:12
VLAI
Details

A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T11:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in Verkehrsauskunft \u00d6sterreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended.",
  "id": "GHSA-9v3x-rmcf-rhp4",
  "modified": "2026-04-29T04:12:03Z",
  "published": "2025-08-19T12:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9135"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.320515"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.320515"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.615276"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.615278"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.628235"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-C3V6-6XR7-WXJ8

Vulnerability from github – Published: 2025-08-18 03:30 – Updated: 2025-08-18 03:30
VLAI
Details

A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-18T03:15:28Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in 1\u00261 Mail \u0026 Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-c3v6-6xr7-wxj8",
  "modified": "2025-08-18T03:30:26Z",
  "published": "2025-08-18T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9102"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.mail.mobile.android.mail.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.mail.mobile.android.mail.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.320424"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.320424"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.628264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CRW4-X7C5-52F3

Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-05-03 15:30
VLAI
Details

An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41823"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T14:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nAn improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities.\u00a0\n\n",
  "id": "GHSA-crw4-x7c5-52f3",
  "modified": "2024-05-03T15:30:53Z",
  "published": "2024-05-03T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41823"
    },
    {
      "type": "WEB",
      "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178705"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWHX-Q6WR-FWVC

Vulnerability from github – Published: 2024-05-03 15:30 – Updated: 2024-05-03 15:30
VLAI
Details

An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T14:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nAn improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands.\u00a0\n\n",
  "id": "GHSA-cwhx-q6wr-fwvc",
  "modified": "2024-05-03T15:30:53Z",
  "published": "2024-05-03T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41822"
    },
    {
      "type": "WEB",
      "url": "https://en-us.support.motorola.com/app/answers/detail/a_id/178704"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F6W6-CXF8-5R67

Vulnerability from github – Published: 2025-08-18 03:30 – Updated: 2025-08-18 03:30
VLAI
Details

A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-9098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-926"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-18T01:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in Elseplus File Recovery App 4.4.21 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-f6w6-cxf8-5r67",
  "modified": "2025-08-18T03:30:26Z",
  "published": "2025-08-18T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9098"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.elseplus.filerecovery.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/KMov-g/androidapps/blob/main/com.elseplus.filerecovery.md#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.320420"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.320420"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.627902"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Build and Compilation

Strategy: Attack Surface Reduction

If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.

Mitigation
Build and Compilation

Strategy: Attack Surface Reduction

If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.

Mitigation
Build and Compilation Architecture and Design

Strategy: Attack Surface Reduction

Limit Content Provider permissions (read/write) as appropriate.

Mitigation
Build and Compilation Architecture and Design

Strategy: Separation of Privilege

Limit Content Provider permissions (read/write) as appropriate.

No CAPEC attack patterns related to this CWE.