CVE-2025-9695

Summary

A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used.

Affected Software

VendorProductVersion RangeStatus
GalleryVaultGallery Vault App4.5.0affected
GalleryVaultGallery Vault App4.5.1affected
GalleryVaultGallery Vault App4.5.2affected

Weaknesses

  • CWE-926: Improper Export of Android Application Components

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References