CVE Details
Basic Information
| Title | Foresight News App pro.foresightnews.appa AndroidManifest.xml improper export of android application components |
|---|---|
| Type | cve |
| Published | 2025-07-20T13:44:05.401Z |
| Modified | 2025-07-20T13:44:05.401Z |
Product Information
| Vendor | Foresight |
|---|---|
| Product | News App |
| Version | 2.6.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A vulnerability in the Foresight News App for Android (versions up to 2.6.4) allows improper export of application components, potentially enabling local attackers to access sensitive functionalities. The issue was disclosed publicly, but the vendor did not respond. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Foresight |
| AI Product | Foresight News App |
| AI Version | 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4 |
Affected Products
- Foresight News App 2.6.0
- Foresight News App 2.6.1
- Foresight News App 2.6.2
- Foresight News App 2.6.3
- Foresight News App 2.6.4
Additional Information
| CWE List | CWE-926 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component pro.foresightnews.appa. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.