5.5

CVE-2025-9676

Exploit

NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NcsoftUniverse SwPlatformandroid Version >= 1.0 <= 1.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.16
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 1.9 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 5.3 1.8 3.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com 4.3 3.1 6.4
AV:L/AC:L/Au:S/C:P/I:P/A:P
CWE-926 Improper Export of Android Application Components

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md
Third Party Advisory
Exploit
Mitigation
https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce
Third Party Advisory
Exploit
Mitigation
https://vuldb.com/?ctiid.321888
VDB Entry
Permissions Required
https://vuldb.com/?id.321888
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.638074
Third Party Advisory
VDB Entry