CVE-2025-9134

A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."

CVSS

No CVSS.

References

Link	Resource
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce
https://vuldb.com/?ctiid.320514
https://vuldb.com/?id.320514
https://vuldb.com/?submit.615253
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce
https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md

Configurations

No configuration.

History

19 Aug 2025, 14:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : unknown
CWE	~~CWE-926~~

19 Aug 2025, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 11:15

Updated : 2025-08-19 14:15

NVD link : CVE-2025-9134

Mitre link : CVE-2025-9134

JSON object : View

Products Affected

No product.

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce", "name": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.320514", "name": "VDB-320514 | CTI Indicators (IOB, IOC, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.320514", "name": "VDB-320514 | AfterShip Package Tracker App com.aftership.AfterShip AndroidManifest.xml improper export of android application components", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.615253", "name": "Submit #615253 | Aftership(https://www.aftership.com/mobile-app) AfterShip 5.24.1 Task Hijacking", "tags": [], "refsource": ""}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md", "name": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md", "tags": [], "refsource": ""}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce", "name": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#steps-to-reproduce", "tags": [], "refsource": ""}, {"url": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md", "name": "https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: \"After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it.\""}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-9134", "ASSIGNER": "cna@vuldb.com"}}, "impact": {}, "publishedDate": "2025-08-19T11:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-19T14:15Z"}