CVE-2025-10195
BaseFortify

Publication date: 2025-09-10

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Seismic App 2.4.2 on Android. It affects an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. The manipulation leads to improper export of Android application components. The attack requires local access. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-09-10
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2025-09-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
seismic | app | 2.4.2
CWE
CWE ID | Description
CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-10195 is a vulnerability in Seismic App 2.4.2 on Android caused by improper export of application components defined in the AndroidManifest.xml file. This improper export allows malicious local attackers to hijack Android tasks or launch components without proper authorization, potentially inheriting the app's permissions. This can be exploited to perform phishing attacks or steal sensitive information by manipulating the app's exported components. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the Seismic App on your device. An attacker with local access can exploit the vulnerability to hijack tasks, inherit permissions, and potentially steal login credentials or other sensitive data. The exploit is publicly available and considered easy to execute, increasing the risk of attack. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting the AndroidManifest.xml file of the Seismic App 2.4.2 (package com.seismic.doccenter) for improperly exported components. Since the vulnerability involves improper exportation of components, you can check for exported components that should not be accessible. Additionally, Google hacking techniques such as searching for inurl:AndroidManifest.xml can help identify vulnerable targets. Specific commands on an Android device might include using 'adb shell' to pull and inspect the AndroidManifest.xml file, for example: 'adb shell pm path com.seismic.doccenter' to find the APK path, then 'adb pull <apk_path>' to extract the APK, and tools like 'apktool' to decode and inspect the AndroidManifest.xml for exported components. [2, 1]
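
The manifest inspection step above, as an added example (not part of the original page and not vendor tooling): once apktool has decoded the manifest, this Python audit lists each component that is exported, explicitly or by the pre-API-31 intent-filter default, and that no android:permission guards. The function name unguarded_exports, the package com.example.docs and every component in the sample are constructed for illustration and are not taken from the Seismic app.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (not the Seismic app's), in apktool's decoded form.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.docs">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".ShareActivity">
      <intent-filter><action android:name="android.intent.action.SEND"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
        android:permission="com.example.docs.SYNC"/>
    <receiver android:name=".BootReceiver" android:exported="false"/>
    <provider android:name=".Files" android:exported="true"
        android:authorities="com.example.docs.files"/>
  </application>
</manifest>"""

def unguarded_exports(manifest_xml):
    """Return (tag, name, how, is_launcher) per exported component lacking a permission."""
    app = ET.fromstring(manifest_xml).find("application")
    findings = []
    for comp in (app if app is not None else []):
        if comp.tag not in TAGS:
            continue
        exported = comp.get(NS + "exported")
        filters = comp.findall("intent-filter")
        if exported == "true":
            how = "explicit"
        elif exported is None and filters and comp.tag != "provider":
            how = "implicit"  # default when targeting below API 31
        else:
            continue
        # android:permission on the component or on <application> gates callers;
        # a provider's readPermission/writePermission are not evaluated here.
        if comp.get(NS + "permission") or app.get(NS + "permission"):
            continue
        launcher = any(c.get(NS + "name") == "android.intent.category.LAUNCHER"
                       for f in filters for c in f.findall("category"))
        findings.append((comp.tag, comp.get(NS + "name"), how, launcher))
    return findings

if __name__ == "__main__":
    print(*unguarded_exports(SAMPLE), sep="\n")
```

The launcher activity is always reported because it has to be exported; the is_launcher flag lets a reviewer set it aside and focus on the remaining entries.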


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves modifying the AndroidManifest.xml configuration of the Seismic App to prevent unauthorized export of application components, thereby blocking task hijacking and unauthorized access. Since no vendor patch or official countermeasure is available and the vendor did not respond, consider replacing the affected product with an alternative. Restricting or removing exported components that do not require external access is critical. Additionally, avoid installing untrusted applications locally on the device to reduce risk. [1, 2]

