CVE-2025-9135

Exploit

EPSS 0.26%
Veröffentlicht 19.08.2025 11:02:06
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Verkehrsauskunft Österreich SmartRide/cleVVVer/BusBahnBim/Salzburg Verkehr AndroidManifest.xml improper export of android application components

A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by "[r]emoving the task affinity of the app so it can't be copied".

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Verkehrsauskunft ≫ Smartride SwPlatformandroid Version < 12.1.2\(259\)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.168

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com	1.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-926 Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

https://vuldb.com/?id.320515

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.320515

VDB Entry

Permissions Required

https://vuldb.com/?submit.615276

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.615278

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.628235

Third Party Advisory

VDB Entry

https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md

Third Party Advisory

Exploit

https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md#steps-to-reproduce

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-9135

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9135

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9135

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-9135