CVE-2025-9134

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce
https://vuldb.com/?ctiid.320514
https://vuldb.com/?id.320514
https://vuldb.com/?submit.615253
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce

Configurations

No configuration.

History

19 Aug 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md -~~	() https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md -
References	~~() https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce -~~	() https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce -

19 Aug 2025, 13:42

Type	Values Removed	Values Added
Summary		(es) Se ha detectado una vulnerabilidad de seguridad en la aplicación AfterShip Package Tracker (hasta la versión 5.24.1) para Android. El elemento afectado es una función desconocida del archivo AndroidManifest.xml del componente com.aftership.AfterShip. Esta manipulación provoca la exportación incorrecta de componentes de la aplicación Android. El ataque debe ejecutarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, quien respondió: «Tras revisar su informe, hemos confirmado que esta vulnerabilidad existe y estamos trabajando activamente para solucionarla».

19 Aug 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 11:15

Updated : 2025-08-19 14:15

NVD link : CVE-2025-9134

Mitre link : CVE-2025-9134

CVE.ORG link : CVE-2025-9134

JSON object : View

Products Affected

No product.

CWE

CWE-926

Improper Export of Android Application Components

5.3 /10