CVE-2025-9671

Summary

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
UABPaytend App2.1.0affected
UABPaytend App2.1.1affected
UABPaytend App2.1.2affected
UABPaytend App2.1.3affected
UABPaytend App2.1.4affected
UABPaytend App2.1.5affected
UABPaytend App2.1.6affected
UABPaytend App2.1.7affected
UABPaytend App2.1.8affected
UABPaytend App2.1.9affected

Weaknesses

  • CWE-926: Improper Export of Android Application Components

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References