CVE-2025-9671
BaseFortify
Publication date: 2025-08-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uab_paytend | paytend_app | * |
| uab_paytend | paytend_app | 2.1.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a weakness in the UAB Paytend App (up to version 2.1.9) on Android, specifically related to the AndroidManifest.xml file in the component com.passport.cash. It allows improper export of Android application components when manipulated locally, which means an attacker with local access can exploit this to potentially misuse app components.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a local attacker to manipulate the app's exported components improperly. This could lead to unauthorized access or actions within the app, potentially compromising app functionality or data integrity. However, the attack requires local access to the device.