NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application...

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9676

Source VulDB

Published Aug 29, 2025 at 21:02

Affected Product

Vendor NCSOFT

Product Universe App

Version 1.0

Affected Versions NCSOFT Universe App 1.0
NCSOFT Universe App 1.1
NCSOFT Universe App 1.2
NCSOFT Universe App 1.3.0

CWE Classification

CWE-926

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-29T21:02:05.597Z",
    "modified": "2025-08-29T21:02:05.597Z",
    "type": "cve",
    "title": "NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321888\nhttps://vuldb.com/?ctiid.321888\nhttps://vuldb.com/?submit.638074\nhttps://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md\nhttps://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce",
    "id": "CVE-2025-9676",
    "bulletinFamily": "",
    "cwe": [
        "CWE-926"
    ],
    "cvelist": null,
    "sourceData": "NCSOFT Universe App 1.0\nNCSOFT Universe App 1.1\nNCSOFT Universe App 1.2\nNCSOFT Universe App 1.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Universe App",
    "version": "1.0",
    "vendor": "NCSOFT",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

NCSOFT Universe App com.ncsoft.universeapp AndroidManifest.xml improper export of android application components_CVE-2025-9676