CVE-2025-9097
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-18
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-08-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9097
EUVD
EUVD-2025-28812
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
euro_information_cic banque_et_compte_en_ligne 12.56.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-926 The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-9097 is a vulnerability in the Euro Information CIC banque Android app (version 12.56.0) caused by improper exportation of Android application components in the AndroidManifest.xml file. This flaw allows malicious local applications to hijack tasks by inheriting permissions of the vulnerable app, potentially manipulating or taking over app tasks. It can be exploited locally to phish login credentials or gain unauthorized access to app components. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers with local access to your device to hijack tasks within the vulnerable app, potentially stealing sensitive information such as login credentials. It compromises the confidentiality, integrity, and availability of the app's data and functionality. Since the exploit is publicly available and relatively easy to execute, it poses a moderate security risk if the device is exposed. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by analyzing the AndroidManifest.xml file of the installed Euro Information CIC banque et compte en ligne App (package com.cic_prod.bad) version 12.56.0 to identify improperly exported components. Since the exploit requires local access, detection involves inspecting the app's manifest for exported components without proper restrictions. Additionally, searching for exposed AndroidManifest.xml files using Google hacking techniques can help identify vulnerable targets. Specific commands to inspect the manifest on a device include using 'adb shell' to pull the APK and then using 'aapt dump xmltree' or 'apktool' to analyze the AndroidManifest.xml for exported components. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves modifying the AndroidManifest.xml configuration of the vulnerable app to prevent unauthorized exportation of application components. This means ensuring that components are not exported unless necessary and that exported components have proper permission restrictions. Since the vendor has not provided a fix, users should avoid installing or running the vulnerable version (12.56.0) of the app and restrict local access to the device to prevent exploitation. Monitoring for updates from the vendor or applying custom patches to the app manifest can also help mitigate the risk. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart