CWE-926
AllowedImproper Export of Android Application Components
Abstraction: Variant · Status: Incomplete
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
147 vulnerabilities reference this CWE, most recent first.
CVE-2025-8524 (GCVE-0-2025-8524)
Vulnerability from cvelistv5 – Published: 2025-08-04 20:02 – Updated: 2025-08-04 20:17- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318650 | vdb-entry |
| https://vuldb.com/?ctiid.318650 | signaturepermissions-required |
| https://vuldb.com/?submit.619037 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Boquan | DotWallet App |
Affected:
2.15.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8524",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T20:15:34.549608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T20:17:54.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.boquanhash.dotwallet"
],
"product": "DotWallet App",
"vendor": "Boquan",
"versions": [
{
"status": "affected",
"version": "2.15.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Boquan DotWallet App 2.15.2 f\u00fcr Android gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei AndroidManifest.xml der Komponente com.boquanhash.dotwallet. Mit der Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T20:02:05.674Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318650 | Boquan DotWallet App com.boquanhash.dotwallet AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.318650"
},
{
"name": "VDB-318650 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318650"
},
{
"name": "Submit #619037 | Boquan DotWallet(com.boquanhash.dotwallet) 2.15.2 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619037"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.boquanhash.dotwallet.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T08:42:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "Boquan DotWallet App com.boquanhash.dotwallet AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8524",
"datePublished": "2025-08-04T20:02:05.674Z",
"dateReserved": "2025-08-04T06:37:00.383Z",
"dateUpdated": "2025-08-04T20:17:54.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8523 (GCVE-0-2025-8523)
Vulnerability from cvelistv5 – Published: 2025-08-04 19:32 – Updated: 2025-08-04 19:59- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318649 | vdb-entry |
| https://vuldb.com/?ctiid.318649 | signaturepermissions-required |
| https://vuldb.com/?submit.619035 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| RiderLike | Fruit Crush-Brain App |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8523",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T19:59:47.414372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T19:59:57.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.fruitcrush.fun"
],
"product": "Fruit Crush-Brain App",
"vendor": "RiderLike",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In RiderLike Fruit Crush-Brain App 1.0 f\u00fcr Android wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei AndroidManifest.xml der Komponente com.fruitcrush.fun. Dank Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T19:32:05.733Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318649 | RiderLike Fruit Crush-Brain App com.fruitcrush.fun AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.318649"
},
{
"name": "VDB-318649 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318649"
},
{
"name": "Submit #619035 | RiderLike Fruit Crush-Brain 1.0.0 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619035"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.fruitcrush.fun.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-04T08:37:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "RiderLike Fruit Crush-Brain App com.fruitcrush.fun AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8523",
"datePublished": "2025-08-04T19:32:05.733Z",
"dateReserved": "2025-08-04T06:32:55.900Z",
"dateUpdated": "2025-08-04T19:59:57.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8513 (GCVE-0-2025-8513)
Vulnerability from cvelistv5 – Published: 2025-08-03 14:32 – Updated: 2025-08-04 18:35- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318612 | vdb-entry |
| https://vuldb.com/?ctiid.318612 | signaturepermissions-required |
| https://vuldb.com/?submit.619029 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8513",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T18:35:01.990923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T18:35:28.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.caixin.news"
],
"product": "News App",
"vendor": "Caixin",
"versions": [
{
"status": "affected",
"version": "8.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Caixin News App 8.0.1 f\u00fcr Android gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei AndroidManifest.xml der Komponente com.caixin.news. Durch Manipulieren mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-03T14:32:05.191Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318612 | Caixin News App com.caixin.news AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.318612"
},
{
"name": "VDB-318612 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318612"
},
{
"name": "Submit #619029 | Caixin Media Company Limited Caixin News 8.0.1 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619029"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.caixin.news.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-02T17:41:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "Caixin News App com.caixin.news AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8513",
"datePublished": "2025-08-03T14:32:05.191Z",
"dateReserved": "2025-08-02T15:35:58.887Z",
"dateUpdated": "2025-08-04T18:35:28.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8512 (GCVE-0-2025-8512)
Vulnerability from cvelistv5 – Published: 2025-08-03 14:02 – Updated: 2025-08-04 18:37- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318611 | vdb-entry |
| https://vuldb.com/?ctiid.318611 | signaturepermissions-required |
| https://vuldb.com/?submit.619028 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/h… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| TVB | Big Big Shop App |
Affected:
2.9.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8512",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T18:37:17.616301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T18:37:38.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"hk.com.tvb.bigbigshop"
],
"product": "Big Big Shop App",
"vendor": "TVB",
"versions": [
{
"status": "affected",
"version": "2.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in TVB Big Big Shop App 2.9.0 f\u00fcr Android entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei AndroidManifest.xml der Komponente hk.com.tvb.bigbigshop. Durch das Manipulieren mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-03T14:02:05.823Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318611 | TVB Big Big Shop App hk.com.tvb.bigbigshop AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.318611"
},
{
"name": "VDB-318611 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318611"
},
{
"name": "Submit #619028 | Big Big Channel Limited big big shop 2.9.0 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619028"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/hk.com.tvb.bigbigshop.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-02T17:39:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "TVB Big Big Shop App hk.com.tvb.bigbigshop AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8512",
"datePublished": "2025-08-03T14:02:05.823Z",
"dateReserved": "2025-08-02T15:34:28.416Z",
"dateUpdated": "2025-08-04T18:37:38.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8275 (GCVE-0-2025-8275)
Vulnerability from cvelistv5 – Published: 2025-07-28 12:02 – Updated: 2025-07-28 13:28- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317864 | vdb-entry |
| https://vuldb.com/?ctiid.317864 | signaturepermissions-required |
| https://vuldb.com/?submit.623582 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/b… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| bsc | Peru Cocktails App |
Affected:
1.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8275",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T13:28:27.220654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T13:28:40.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"bsc.devy.peru_cocktails"
],
"product": "Peru Cocktails App",
"vendor": "bsc",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in bsc Peru Cocktails App 1.0.0 f\u00fcr Android entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei AndroidManifest.xml der Komponente bsc.devy.peru_cocktails. Durch Manipulieren mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T12:02:05.803Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317864 | bsc Peru Cocktails App bsc.devy.peru_cocktails AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.317864"
},
{
"name": "VDB-317864 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317864"
},
{
"name": "Submit #623582 | bsc inc Peru Cocktails(bsc.devy.peru_cocktails) 1.0.0 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623582"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/bsc.devy.peru_cocktails.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-27T20:48:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "bsc Peru Cocktails App bsc.devy.peru_cocktails AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8275",
"datePublished": "2025-07-28T12:02:05.803Z",
"dateReserved": "2025-07-27T18:42:57.624Z",
"dateUpdated": "2025-07-28T13:28:40.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8258 (GCVE-0-2025-8258)
Vulnerability from cvelistv5 – Published: 2025-07-28 05:02 – Updated: 2025-07-28 16:01- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317846 | vdb-entry |
| https://vuldb.com/?ctiid.317846 | signaturepermissions-required |
| https://vuldb.com/?submit.623472 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Cool Mo | Maigcal Number App |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8258",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T16:00:47.323570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:01:00.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.sdmagic.number"
],
"product": "Maigcal Number App",
"vendor": "Cool Mo",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Cool Mo Maigcal Number App up to 1.0.3 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.sdmagic.number. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Cool Mo Maigcal Number App bis 1.0.3 f\u00fcr Android entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei AndroidManifest.xml der Komponente com.sdmagic.number. Dank Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T05:02:10.197Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317846 | Cool Mo Maigcal Number App com.sdmagic.number AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.317846"
},
{
"name": "VDB-317846 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317846"
},
{
"name": "Submit #623472 | Cool mo. Inc Maigcal Number(com.sdmagic.number) 1.0.3 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623472"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.sdmagic.number.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T18:09:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "Cool Mo Maigcal Number App com.sdmagic.number AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8258",
"datePublished": "2025-07-28T05:02:10.197Z",
"dateReserved": "2025-07-26T16:03:53.957Z",
"dateUpdated": "2025-07-28T16:01:00.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8257 (GCVE-0-2025-8257)
Vulnerability from cvelistv5 – Published: 2025-07-28 04:32 – Updated: 2025-07-28 16:02- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317845 | vdb-entry |
| https://vuldb.com/?ctiid.317845 | signaturepermissions-required |
| https://vuldb.com/?submit.623471 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Lobby Universe | Lobby App |
Affected:
2.0
Affected: 2.1 Affected: 2.2 Affected: 2.3 Affected: 2.4 Affected: 2.5 Affected: 2.6 Affected: 2.7 Affected: 2.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8257",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T16:02:29.755157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:02:40.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.maverick.lobby"
],
"product": "Lobby App",
"vendor": "Lobby Universe",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.6"
},
{
"status": "affected",
"version": "2.7"
},
{
"status": "affected",
"version": "2.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Lobby Universe Lobby App bis 2.8.0 f\u00fcr Android wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei AndroidManifest.xml der Komponente com.maverick.lobby. Dank der Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T04:32:05.048Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317845 | Lobby Universe Lobby App com.maverick.lobby AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.317845"
},
{
"name": "VDB-317845 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317845"
},
{
"name": "Submit #623471 | Lobby Universe Inc. Lobby(com.maverick.lobby) 2.8.0 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623471"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.maverick.lobby.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T18:04:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Lobby Universe Lobby App com.maverick.lobby AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8257",
"datePublished": "2025-07-28T04:32:05.048Z",
"dateReserved": "2025-07-26T15:59:19.924Z",
"dateUpdated": "2025-07-28T16:02:40.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8210 (GCVE-0-2025-8210)
Vulnerability from cvelistv5 – Published: 2025-07-26 20:32 – Updated: 2025-07-28 15:15- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317778 | vdb-entry |
| https://vuldb.com/?ctiid.317778 | signaturepermissions-required |
| https://vuldb.com/?submit.615779 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Yeelink | Yeelight App |
Affected:
3.5.0
Affected: 3.5.1 Affected: 3.5.2 Affected: 3.5.3 Affected: 3.5.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8210",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T15:15:07.076576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:15:18.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.yeelight.cherry"
],
"product": "Yeelight App",
"vendor": "Yeelink",
"versions": [
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.5.3"
},
{
"status": "affected",
"version": "3.5.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Yeelink Yeelight App bis 3.5.4 f\u00fcr Android ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei AndroidManifest.xml der Komponente com.yeelight.cherry. Durch Beeinflussen mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T20:32:05.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317778 | Yeelink Yeelight App com.yeelight.cherry AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.317778"
},
{
"name": "VDB-317778 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317778"
},
{
"name": "Submit #615779 | Yeelink Yeelight 3.5.4 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.615779"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.yeelight.cherry.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T21:02:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "Yeelink Yeelight App com.yeelight.cherry AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8210",
"datePublished": "2025-07-26T20:32:05.177Z",
"dateReserved": "2025-07-25T18:55:55.045Z",
"dateUpdated": "2025-07-28T15:15:18.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8207 (GCVE-0-2025-8207)
Vulnerability from cvelistv5 – Published: 2025-07-26 20:02 – Updated: 2025-07-28 15:14- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317777 | vdb-entry |
| https://vuldb.com/?ctiid.317777 | signaturepermissions-required |
| https://vuldb.com/?submit.615777 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Canara | ai1 Mobile Banking App |
Affected:
3.6.23
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T15:14:31.474939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T15:14:42.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.canarabank.mobility"
],
"product": "ai1 Mobile Banking App",
"vendor": "Canara",
"versions": [
{
"status": "affected",
"version": "3.6.23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Canara ai1 Mobile Banking App 3.6.23 f\u00fcr Android gefunden. Dies betrifft einen unbekannten Teil der Datei AndroidManifest.xml der Komponente com.canarabank.mobility. Durch das Beeinflussen mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-26T20:02:05.807Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317777 | Canara ai1 Mobile Banking App com.canarabank.mobility AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.317777"
},
{
"name": "VDB-317777 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317777"
},
{
"name": "Submit #615777 | CANARA BANK canara ai1 3.6.23 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.615777"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.canarabank.mobility.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T20:34:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "Canara ai1 Mobile Banking App com.canarabank.mobility AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8207",
"datePublished": "2025-07-26T20:02:05.807Z",
"dateReserved": "2025-07-25T18:29:36.981Z",
"dateUpdated": "2025-07-28T15:14:42.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7940 (GCVE-0-2025-7940)
Vulnerability from cvelistv5 – Published: 2025-07-21 21:02 – Updated: 2025-07-23 18:29- CWE-926 - Improper Export of Android Application Components
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317077 | vdb-entry |
| https://vuldb.com/?ctiid.317077 | signaturepermissions-required |
| https://vuldb.com/?submit.619036 | third-party-advisory |
| https://github.com/KMov-g/androidapps/blob/main/c… | related |
| https://github.com/KMov-g/androidapps/blob/main/c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Genshin | Albedo Cat House App |
Affected:
1.0.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7940",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T18:29:21.619034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:29:43.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.house.auscat"
],
"product": "Albedo Cat House App",
"vendor": "Genshin",
"versions": [
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fxizenta (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Genshin Albedo Cat House App 1.0.2 f\u00fcr Android wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei AndroidManifest.xml der Komponente com.house.auscat. Mit der Manipulation mit unbekannten Daten kann eine improper export of android application components-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-926",
"description": "Improper Export of Android Application Components",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T21:02:05.867Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317077 | Genshin Albedo Cat House App com.house.auscat AndroidManifest.xml improper export of android application components",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.317077"
},
{
"name": "VDB-317077 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317077"
},
{
"name": "Submit #619036 | Genshin Albedo Cat House 1.0.2 Task Hijacking",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.619036"
},
{
"tags": [
"related"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.house.auscat.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/KMov-g/androidapps/blob/main/com.house.auscat.md#video-proof-of-concept"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-21T09:36:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Genshin Albedo Cat House App com.house.auscat AndroidManifest.xml improper export of android application components"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7940",
"datePublished": "2025-07-21T21:02:05.867Z",
"dateReserved": "2025-07-21T07:31:15.915Z",
"dateUpdated": "2025-07-23T18:29:43.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Attack Surface Reduction
If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.
Mitigation
Strategy: Attack Surface Reduction
If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.
Mitigation
Strategy: Attack Surface Reduction
Limit Content Provider permissions (read/write) as appropriate.
Mitigation
Strategy: Separation of Privilege
Limit Content Provider permissions (read/write) as appropriate.
No CAPEC attack patterns related to this CWE.