5.5
CVE-2025-9677
- EPSS 0.03%
- Veröffentlicht 29.08.2025 21:15:38
- Zuletzt bearbeitet 08.09.2025 16:07:57
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginA security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Modo ≫ Legend Of The Phoenix SwPlatformandroid Version <= 1.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.063 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| cna@vuldb.com | 4.8 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 5.3 | 1.8 | 3.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 4.3 | 3.1 | 6.4 |
AV:L/AC:L/Au:S/C:P/I:P/A:P
|
CWE-926 Improper Export of Android Application Components
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.