Improper Export Vulnerability in Transbyte Scooper News App for Android
CVE-2025-9674

4.8MEDIUM

Key Information:

Vendor

Transbyte

Status
Scooper News App
Vendor
CVE Published:
29 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-9674?

A vulnerability has been identified in the Transbyte Scooper News App for Android, specifically affecting version 1.2. This flaw resides within an unspecified feature of the AndroidManifest.xml file in the component com.hatsune.eagleee, resulting in the improper export of application components. Attackers with local access could exploit this weakness, allowing them to manipulate application behavior. Despite early contact regarding this issue, the vendor has not responded, leaving users potentially exposed to this risk. Developers and users are advised to assess their security practices and consider upgrading or replacing vulnerable applications.

Affected Version(s)

Scooper News App 1.0

Scooper News App 1.1

Scooper News App 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9674 - Proof of Concept

References

https://vuldb.com/?id.321884
vdb-entry
https://vuldb.com/?ctiid.321884
signaturepermissions-required
https://vuldb.com/?submit.638068
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

fxizenta (VulDB User)
.
CVE-2025-9674 : Improper Export Vulnerability in Transbyte Scooper News App for Android