Improper Export Vulnerability in Modo Legend of the Phoenix by Duige
CVE-2025-9677

4.8MEDIUM

Key Information:

Vendor: Modo
Status: Legend Of The Phoenix
Vendor: CVE Published:; 29 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-9677?

A security flaw has been identified in the Modo Legend of the Phoenix app, specifically in an unknown function within the AndroidManifest.xml file of the com.duige.hzw.multilingual component. This flaw leads to the improper export of Android application components, potentially enabling local attacks. The exploit is publicly available, and attempts to contact the vendor regarding this security issue were met with no response.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Legend of the Phoenix 1.0.0

Legend of the Phoenix 1.0.1

Legend of the Phoenix 1.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9677 - Proof of Concept

References

https://vuldb.com/?id.321889

vdb-entry

https://vuldb.com/?ctiid.321889

signaturepermissions-required

https://vuldb.com/?submit.638078

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

🟡
Public PoC available
Aug 29, 2025
👾
Exploit known to exist
Aug 29, 2025
Vulnerability published
Aug 29, 2025
Vulnerability Reserved
Aug 29, 2025

Credit

fxizenta (VulDB User)

JSON

Modo