{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9675", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-29T10:25:30.375Z", "datePublished": "2025-08-29T20:32:09.227Z", "dateUpdated": "2025-09-03T15:54:38.911Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-29T20:32:09.227Z"}, "title": "Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-926", "lang": "en", "description": "Improper Export of Android Application Components"}]}], "affected": [{"vendor": "n/a", "product": "Voice Changer App", "versions": [{"version": "1.0", "status": "affected"}, {"version": "1.1.0", "status": "affected"}], "modules": ["com.tuyangkeji.changevoice"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized."}, {"lang": "de", "value": "In Voice Changer App bis 1.1.0 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei AndroidManifest.xml der Komponente com.tuyangkeji.changevoice. Die Bearbeitung verursacht improper export of android application components. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-29T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-29T12:30:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "fxizenta (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.321887", "name": "VDB-321887 | Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.321887", "name": "VDB-321887 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.638073", "name": "Submit #638073 | Voice Changer & Voice Recorder & Sound Effects Voice Changer - Sound Effects(com.tuyangkeji.changevoice) 1.1.0 Task Hijacking", "tags": ["third-party-advisory"]}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md", "tags": ["related"]}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md", "tags": ["exploit"]}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-02T14:56:19.504203Z", "id": "CVE-2025-9675", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-03T15:54:38.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9675", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-02T14:56:19.504203Z"}}}], "references": [{"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md", "tags": ["exploit"]}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T14:56:22.733Z"}}], "cna": {"title": "Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components", "credits": [{"lang": "en", "type": "reporter", "value": "fxizenta (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "modules": ["com.tuyangkeji.changevoice"], "product": "Voice Changer App", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1.0"}]}], "timeline": [{"lang": "en", "time": "2025-08-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-29T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-29T12:30:36.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.321887", "name": "VDB-321887 | Voice Changer App com.tuyangkeji.changevoice AndroidManifest.xml improper export of android application components", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.321887", "name": "VDB-321887 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.638073", "name": "Submit #638073 | Voice Changer & Voice Recorder & Sound Effects Voice Changer - Sound Effects(com.tuyangkeji.changevoice) 1.1.0 Task Hijacking", "tags": ["third-party-advisory"]}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md", "tags": ["related"]}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized."}, {"lang": "de", "value": "In Voice Changer App bis 1.1.0 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei AndroidManifest.xml der Komponente com.tuyangkeji.changevoice. Die Bearbeitung verursacht improper export of android application components. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-926", "description": "Improper Export of Android Application Components"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-29T20:32:09.227Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9675", "state": "PUBLISHED", "dateUpdated": "2025-09-03T15:54:38.911Z", "dateReserved": "2025-08-29T10:25:30.375Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-29T20:32:09.227Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:voice_changer_project:voice_changer:*:*:*:*:*:android:*:*", "matchCriteriaId": "114ECA7C-788E-43CC-8F5A-2BEA71E64A95", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "matchCriteriaId": "F63C033A-17C5-45FA-8C53-137528ACF30C", "versionEndExcluding": "11.0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized."}], "id": "CVE-2025-9675", "lastModified": "2025-09-08T16:22:56.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-29T21:15:37.650", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.321887"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.321887"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.638073"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://github.com/KMov-g/androidapps/blob/main/com.tuyangkeji.changevoice.md#steps-to-reproduce"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-926"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}