CVE-2025-7889 in Caller ID App
Summary
by MITRE • 07/20/2025
A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 09/15/2025
CVE-2025-7889 represents a critical security flaw in the CallApp Caller ID App version 2.0.4 for Android platforms, classified under the CWE-922 weakness category which deals with inadequate protection of stored data. This vulnerability stems from improper export of Android application components within the AndroidManifest.xml file, specifically affecting the caller.id.phone.number.block component. The flaw allows for unauthorized access to application components that should remain protected, creating a dangerous attack surface that can be exploited locally on the device. The vulnerability's classification as problematic indicates a significant risk to user privacy and system integrity, as it enables potential attackers to manipulate application behavior through the improper exposure of internal components.
The technical implementation of this vulnerability involves the AndroidManifest.xml file where application components are declared and their export status is determined. When components are improperly exported, they become accessible to other applications or malicious actors without proper authentication or authorization mechanisms. This misconfiguration allows for the exploitation of application services that should remain internal to the application's security boundaries. The local host attack vector means that an attacker with access to the device can leverage this flaw to gain unauthorized access to the application's functionality, potentially leading to data theft, privacy violations, or further system compromise. The vulnerability's public disclosure status indicates that attackers have already developed methods to exploit this flaw, making immediate remediation essential for affected users.
The operational impact of CVE-2025-7889 extends beyond simple privacy concerns to encompass potential data breaches, unauthorized application manipulation, and increased attack surface for more sophisticated exploits. Users of the CallApp Caller ID App are at risk of having their personal contact information exposed, call logs potentially accessed, and phone number blocking functionality manipulated by malicious actors. The vulnerability's nature suggests it could be leveraged as a stepping stone for broader attacks within the device's security environment, particularly given the Android platform's component-based architecture where improperly exported components can serve as entry points for privilege escalation attacks. This flaw directly relates to the ATT&CK framework's technique T1068 which covers 'Exploitation for Privilege Escalation' and T1546 which addresses 'Event Triggered Execution' through component manipulation.
Mitigation strategies for CVE-2025-7889 require immediate action from users to update to the latest version of the CallApp Caller ID App where the vulnerability has been patched. System administrators and security professionals should conduct thorough assessments of all Android applications installed on devices to identify similar improper component exports. The recommended approach includes reviewing AndroidManifest.xml files for all applications to ensure that components are only exported when absolutely necessary and that proper intent filters are implemented to restrict access. Additionally, organizations should implement mobile device management policies that enforce application security standards and regularly audit application permissions. The vulnerability's disclosure status necessitates immediate patch deployment and user awareness campaigns, as the exploit is already in public circulation. Security teams should also consider implementing network monitoring to detect potential exploitation attempts and establish incident response procedures specifically addressing Android application component vulnerabilities.
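The manifest review recommended above can be scripted. The following is an added example, not code from VulDB, MITRE or the vendor: it lists components that are exported, explicitly or by the intent-filter default, without any permission requirement. It assumes the manifest has already been decoded from the APK's binary XML into text (for instance with apktool); the sample manifest, its package and component names, and the helper names `audit_manifest` and `is_launcher` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (decoded text form); every name here is hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.callerid">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".BlockListService" android:exported="true"/>
    <receiver android:name=".CallStateReceiver">
      <intent-filter><action android:name="android.intent.action.PHONE_STATE"/></intent-filter>
    </receiver>
    <provider android:name=".ContactsCache" android:authorities="com.example.callerid.cache"
        android:exported="true" android:readPermission="com.example.callerid.READ"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

def is_launcher(el):
    # The launcher entry point has to be exported, so it is not reported.
    return any(c.get(NS + "name") == "android.intent.category.LAUNCHER" for c in el.iter("category"))

def audit_manifest(xml_text):
    """Return (tag, name, how) for exported components lacking a permission guard."""
    app = ET.fromstring(xml_text).find("application")
    findings = []
    for el in (app if app is not None else []):
        if el.tag not in COMPONENT_TAGS:
            continue
        exported = el.get(NS + "exported")
        if exported == "true":
            how = "explicit"
        elif exported is None and el.find("intent-filter") is not None:
            how = "implicit"  # pre-Android 12 default when an intent-filter is present
        else:
            continue
        guarded = bool(el.get(NS + "permission") or app.get(NS + "permission"))
        if el.tag == "provider" and not guarded:
            # A provider is only covered when both read and write paths require a permission.
            guarded = bool(el.get(NS + "readPermission") and el.get(NS + "writePermission"))
        if not guarded and not is_launcher(el):
            findings.append((el.tag, el.get(NS + "name"), how))
    return findings

if __name__ == "__main__":
    for tag, name, how in audit_manifest(SAMPLE_MANIFEST):
        print(f"{tag:9} {name:20} exported ({how}), no permission required")
```

Each reported component still needs a manual decision: set `android:exported="false"` if no other app has to reach it, or require a signature-level permission if one does.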