CVE-2025-9134
BaseFortify

Publication date: 2025-08-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."
Meta Information
Published: 2025-08-19
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-08-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: aftership
Product: aftership_package_tracker
Version / Range: to 5.24.1 (inc)
CWE ID and description:
CWE-926: The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
CWE-NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-9134 is a security vulnerability in the AfterShip Package Tracker App for Android (versions up to 5.24.1). It involves improper export of Android application components defined in the AndroidManifest.xml file of the com.aftership.AfterShip component. This means the app exports a component without properly restricting which other apps can access or launch it, potentially allowing unauthorized access to app components. The attack requires local access to the device and is considered easy to exploit. The vulnerability compromises the confidentiality, integrity, and availability of the app's components. [1]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized access to sensitive components of the AfterShip app, potentially allowing attackers with local access to compromise the confidentiality, integrity, and availability of the app's data and functions. This could result in data breaches, manipulation of app data, or disruption of app services. Since the exploit is publicly available and easy to carry out locally, it poses a moderate security risk to users of affected versions. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by analyzing the AndroidManifest.xml file of the AfterShip Package Tracker App (com.aftership.AfterShip) on the device to check for improperly exported components. Since the attack requires local access, inspecting the app's manifest for exported components without proper restrictions is key. Additionally, vulnerable targets can be found using Google hacking techniques searching for AndroidManifest.xml files. Specific commands are not provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Currently, there are no known mitigations for this vulnerability. The vendor is actively working on a fix. Immediate steps include avoiding use of the vulnerable app versions (up to 5.24.1) and considering replacement with alternative products to reduce risk. [1]

