CVE-2025-7889
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-20
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7889
EUVD
EUVD-2025-22015
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
callapp callapp to 2.0.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-926 The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7889 is a Task Hijacking vulnerability in the CallApp Caller ID App for Android (up to version 2.0.4). It occurs because the app improperly exports certain Android application components in its AndroidManifest.xml file, specifically the component caller.id.phone.number.block. This improper export allows malicious applications on the same device (local host) to inherit the permissions of the vulnerable app and manipulate or take over Android tasks. This can lead to attackers exploiting the app to perform unauthorized actions, such as phishing for victims' login credentials. [1, 2]


How can this vulnerability impact me? :

This vulnerability can allow attackers with local access to your Android device to hijack tasks within the CallApp Caller ID App, potentially inheriting its permissions. This can lead to unauthorized manipulation of app functions, exposure of sensitive data, and phishing attacks targeting your login credentials. Since the exploit is publicly available and easy to execute, it poses a moderate security risk to users of the affected app versions. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the AndroidManifest.xml file of the CallApp Caller ID App (versions up to 2.0.4) for improperly exported components, specifically the caller.id.phone.number.block component. Since the exploit requires local access, detection involves checking the app's manifest for insecure exports. Additionally, Google hacking techniques such as searching for inurl:AndroidManifest.xml can help identify vulnerable targets. No specific commands are provided, but examining the app package on the device using Android tools like 'adb' to extract and review the AndroidManifest.xml is recommended. [2]


What immediate steps should I take to mitigate this vulnerability?

No known countermeasures or mitigations have been published for this vulnerability. The suggested immediate step is to replace the affected CallApp Caller ID App (versions up to 2.0.4) with an alternative product to avoid exploitation. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart