Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of...

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9673

Source VulDB

Published Aug 29, 2025 at 20:02

Modified Aug 29, 2025 at 20:18

Affected Product

Vendor Kakao

Product 헤이카카오 Hey Kakao App

Version 2.17.0

Affected Versions Kakao 헤이카카오 Hey Kakao App 2.17.0
Kakao 헤이카카오 Hey Kakao App 2.17.1
Kakao 헤이카카오 Hey Kakao App 2.17.2
Kakao 헤이카카오 Hey Kakao App 2.17.3
Kakao 헤이카카오 Hey Kakao App 2.17.4

CWE Classification

CWE-926

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-29T20:02:08.396Z",
    "modified": "2025-08-29T20:18:10.056Z",
    "type": "cve",
    "title": "Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321883\nhttps://vuldb.com/?ctiid.321883\nhttps://vuldb.com/?submit.637925\nhttps://github.com/KMov-g/androidapps/blob/main/com.kakao.i.connect.md\nhttps://github.com/KMov-g/androidapps/blob/main/com.kakao.i.connect.md#steps-to-reproduce",
    "id": "CVE-2025-9673",
    "bulletinFamily": "",
    "cwe": [
        "CWE-926"
    ],
    "cvelist": null,
    "sourceData": "Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App 2.17.0\nKakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App 2.17.1\nKakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App 2.17.2\nKakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App 2.17.3\nKakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App 2.17.4",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "\ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App",
    "version": "2.17.0",
    "vendor": "Kakao",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Kakao 헤이카카오 Hey Kakao App com.kakao.i.connect AndroidManifest.xml improper export of android application components_CVE-2025-9673