CVE-2025-9674 in Scooper News App

Summary

by MITRE • 08/30/2025

A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

by VulDB Data Team • 09/09/2025

The vulnerability identified as CVE-2025-9674 represents a critical security flaw within the Transbyte Scooper News App version 1.2 and earlier on Android platforms. This issue stems from improper export of Android application components through the AndroidManifest.xml file, specifically affecting the component path com.hatsune.eagleee. The flaw demonstrates a fundamental misconfiguration in the application's security model that directly violates established Android security principles and best practices.

The technical implementation of this vulnerability involves manipulation of the AndroidManifest.xml configuration file where the affected component lacks proper export restrictions. This misconfiguration allows unauthorized access to application components that should remain private or restricted to internal use only. According to CWE-732, this represents an incorrect permission assignment where the application grants unintended access to components that should be protected. The vulnerability specifically impacts the Android application component export mechanism, which is a core security feature designed to control component accessibility and prevent unauthorized interaction with application internals.

From an operational perspective, this vulnerability creates a significant attack surface that can be exploited by local adversaries with access to the device. The requirement for local access means that attackers must already have some level of system compromise or physical access to the target device, but this represents a dangerous escalation vector. The published exploit demonstrates that this vulnerability is not merely theoretical but actively being used in the wild, indicating a mature attack capability that threat actors can leverage to gain deeper access to affected devices. The lack of vendor response after early disclosure further compounds the risk, leaving users exposed without official patches or mitigation guidance.

The attack vector and exploitation methodology align with ATT&CK technique T1068, which involves local privilege escalation and component manipulation. This vulnerability essentially allows attackers to bypass Android's component isolation mechanisms, potentially enabling them to access sensitive application data, manipulate application behavior, or use the compromised component as a foothold for further attacks. The exploitation process likely involves manipulating the AndroidManifest.xml file or using local system capabilities to interact with the improperly exported component, creating a pathway for privilege escalation and data exfiltration.

Organizations and users should implement immediate mitigations including updating to the latest available version of the application if a patch is released, disabling the affected application if no update is available, and implementing mobile device management policies that can restrict application behavior. The vulnerability highlights the importance of proper Android security configuration management and the critical need for vendors to respond promptly to security disclosures. Security teams should monitor for suspicious application behavior related to the affected component and consider network-based detection measures to identify potential exploitation attempts. Additionally, this vulnerability underscores the necessity of regular security audits of Android manifest configurations and adherence to security frameworks that prevent such export misconfigurations in application development processes.
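The manifest audit recommended above can be automated. The following is an added example, not code from VulDB, MITRE or the vendor: it reports components that other apps can reach without a permission. The sample manifest, package name and function names are constructed for illustration, and the input is assumed to be a decoded text manifest (for example, apktool output), not the binary XML stored inside an APK.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest; not the real manifest of com.hatsune.eagleee.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.news">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".InternalWebActivity" android:exported="true"/>
    <service android:name=".SyncService">
      <intent-filter><action android:name="com.example.news.SYNC"/></intent-filter>
    </service>
    <receiver android:name=".PushReceiver" android:exported="true" android:permission="com.example.news.permission.PUSH"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.news.cache" android:exported="false"/>
  </application>
</manifest>
"""

def attr(elem, name):
    return elem.get(f"{{{ANDROID_NS}}}{name}")  # android:-namespaced attribute or None

def is_launcher(elem):
    """Launcher activities must be exported, so they are not reported."""
    return any(attr(c, "name") == "android.intent.category.LAUNCHER" for c in elem.iter("category"))

def audit_manifest(xml_text):
    """Return (tag, name, reason) for components other apps can reach without a permission."""
    findings = []
    app = ET.fromstring(xml_text.strip()).find("application")
    for elem in (app if app is not None else []):
        if elem.tag not in COMPONENT_TAGS or is_launcher(elem):
            continue
        exported = attr(elem, "exported")
        if exported == "true":
            reason = "explicitly exported"
        # Pre-API-31 default: an intent-filter exports activities, services and receivers.
        elif exported is None and elem.tag != "provider" and elem.find("intent-filter") is not None:
            reason = "implicitly exported via intent-filter"
        else:
            continue
        # Provider readPermission/writePermission are not evaluated; such providers are flagged for review.
        if not (attr(elem, "permission") or attr(app, "permission")):
            findings.append((elem.tag, attr(elem, "name"), reason))
    return findings
```

Each finding still needs manual review: a component may be exported on purpose, and a guarding permission only helps if its protection level keeps other apps from obtaining it.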

Responsible: VulDB
Disclosure: 08/30/2025
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00250
KEV: no
Activities: very low
