CVE-2025-15464

Exploit

EPSS 0.47%
Veröffentlicht 08.01.2026 21:15:42
Zuletzt bearbeitet 12.02.2026 17:51:33
Quelle bbf0bd87-ece2-41be-b873-96928e
CVE-Watchlists
Login
Unerledigt
Login

KL-001-2026-01: yintibao Fun Print Mobile Unauthorized Access via Context Hijacking

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yintibao ≫ Fun Print Version6.05.15 SwPlatformandroid

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.367

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-926 Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

https://korelogic.com/Resources/Advisories/KL-001-2026-001.txt

Third Party Advisory

Exploit

https://korelogic.com/Resources/Advisories/KL-001-2026-001.poc.js.txt

Exploit

http://seclists.org/fulldisclosure/2026/Jan/12

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-15464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15464

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15464