216.73.217.50

CVE-2025-9134

· Published 19/08/2025 11:15 · Modified 19/08/2025 14:15

Labels: CVE-2025-9134 2025-08-19CVE-2025-9134CWE-926[email protected]

Essential information

Published
19/08/2025 11:15
Modified
19/08/2025 14:15
Author
Creator
CVSS
4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
aftership / package tracker app cpe:2.3:a:aftership:package_tracker_app:*:*:*:*:*:*:*:android

References