CVE-2025-52926
BaseFortify
Publication date: 2025-06-23
Last updated on: 2025-06-23
Assigner: MITRE
Description
| CWE ID | Description |
|---|---|
| CWE-223 | The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in spytrap-adb before version 0.3.5 causes matches for known stalkerware to be detected but not displayed in the interactive text user interface (TUI), which is the primary way users interact with the tool. As a result, users may not be aware of stalkerware detections during scans because the alerts are not shown in the interface, reducing the effectiveness of the detection. [1, 2, 3]
How can this vulnerability impact me?
The impact of this vulnerability is that although stalkerware is detected by the scanning tool, the results are not shown in the user interface. This means users might miss critical alerts about stalkerware infections on their devices, potentially allowing stalkerware to remain undetected and continue compromising user privacy and security. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects spytrap-adb before version 0.3.5, where matches for known stalkerware were detected but not displayed in the interactive text user interface (TUI). To detect stalkerware on your system, run spytrap-adb's scan subcommand. A typical command is `spytrap-adb scan`, which scans for stalkerware and shows the results interactively. Before version 0.3.5, detections occurred but were not visible in the TUI, so upgrading is essential for proper detection visibility; from version 0.3.5 onward, the tool properly displays stalkerware matches in the TUI. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade spytrap-adb to version 0.3.5 or later. This version includes a fix that ensures stalkerware detection results are properly displayed in the interactive user interface, allowing you to see and respond to stalkerware detections effectively. The update also includes security fixes for dependencies. Follow the official release instructions to update: verify the SHA256 checksum of the binary if using precompiled versions, or rebuild from source using git and make as described in the release notes. [1]