CVE-2025-9673
BaseFortify
Publication date: 2025-08-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kakao | hey_kakao | * |
| kakao | hey_kakao | 2.17.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Kakao 헤이카카오 Hey Kakao App up to version 2.17.4 on Android. It involves improper export of Android application components due to an issue in the AndroidManifest.xml file of the component com.kakao.i.connect. This improper export can allow local attackers to exploit the app's components in unintended ways.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access or manipulation of the app's components by a local attacker, potentially compromising the confidentiality, integrity, and availability of data or app functionality. Since the exploit is public, it increases the risk of exploitation.