CVE-2025-9134

medium

Description

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."

References

https://vuldb.com/?submit.615253

https://vuldb.com/?id.320514

https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce

https://vuldb.com/?ctiid.320514

https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md

Details

Source: Mitre, NVD

Published: 2025-08-19

Updated: 2025-09-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00013