logo_clicknbuy.png

CVE-2025-9135 – Verkehrsauskunft Österreich SmartRide Android Application Component Export

The following table lists the changes that have been made to the
CVE-2025-9135 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 19, 2025

    Action Type Old Value New Value
    Added Description A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    Added CVSS V2 (AV:L/AC:L/Au:S/C:P/I:P/A:P)
    Added CWE CWE-926
    Added Reference https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md
    Added Reference https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md#steps-to-reproduce
    Added Reference https://vuldb.com/?ctiid.320515
    Added Reference https://vuldb.com/?id.320515
    Added Reference https://vuldb.com/?submit.615276
    Added Reference https://vuldb.com/?submit.615278
    Added Reference https://vuldb.com/?submit.628235
Share the Post:

Related Posts