CVE-2025-21615
📋 TL;DR
CVE-2025-21615 allows malicious apps on the same Android device to exfiltrate sensitive GPS tracking data from the AAT (Another Activity Tracker) application. This affects all users running AAT versions below 1.26 on Android devices with other potentially malicious applications installed.
💻 Affected Systems
- AAT (Another Activity Tracker)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete exfiltration of all stored GPS tracking data including routes, timestamps, and activity history, potentially revealing sensitive location patterns and personal routines.
Likely Case
Limited data exposure depending on what malicious apps target, potentially exposing recent activity routes and location history.
If Mitigated
No data exposure when running the patched version or with proper Android app sandboxing controls in place.
🎯 Exploit Status
Exploitation requires developing or installing a malicious Android app that bypasses standard app sandboxing to access AAT's data storage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.26
Vendor Advisory: https://github.com/bailuk/AAT/security/advisories/GHSA-pwpm-x58v-px5c
Restart Required: Yes
Instructions:
1. Open the Google Play Store on the Android device.
2. Search for 'AAT - Another Activity Tracker'.
3. If an update is available, tap 'Update'.
4. Alternatively, download v1.26+ from GitHub releases.
5. Restart the AAT application after the update.
🔧 Temporary Workarounds
Uninstall suspicious apps
Android: Remove any untrusted or unnecessary applications from the device to reduce the attack surface.
Disable AAT when not in use
Android: Force stop the AAT application when not actively tracking activities to limit the exposure window.
🧯 If You Can't Patch
- Limit installation of new apps to only trusted sources (Google Play Store verified apps)
- Regularly review and uninstall unused or suspicious applications from the device
🔍 How to Verify
Check if Vulnerable:
Open the AAT app → Settings → About → check the version number. If the version is below 1.26, the installed app is vulnerable.
Check Version:
Not applicable - check via app interface on Android device
Verify Fix Applied:
After updating, verify version shows 1.26 or higher in AAT Settings → About section.
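For fleets of devices, the version check above can be scripted over adb instead of tapping through the app. The following is an added example, not code from the advisory or from the AAT project: it reads the `versionName=` line that `adb shell dumpsys package <pkg>` prints and compares it numerically against the 1.26 fix version, so that 1.9 is correctly treated as older than 1.26 (a plain string comparison would get that backwards). The package name `ch.bailu.aat` is an assumption and should be confirmed on the device; the dumpsys output embedded below is constructed sample data.

```python
import re
import subprocess
from typing import Optional, Tuple

# Assumed package name for AAT; confirm with `adb shell pm list packages`
# before relying on it (it is not stated in the advisory).
AAT_PACKAGE = "ch.bailu.aat"
FIXED_VERSION = "1.26"  # patch version stated in the advisory

# Constructed sample of `adb shell dumpsys package <pkg>` output, trimmed to
# the lines that matter. Real output is far longer.
SAMPLE_DUMPSYS = """\
Packages:
  Package [ch.bailu.aat] (1a2b3c4):
    userId=10123
    versionCode=2501 minSdk=21 targetSdk=33
    versionName=1.9
    apkSigningVersion=2
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.26' or '1.26.1' into a tuple of ints for component-wise comparison."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version components in {text!r}")
    return tuple(int(p) for p in parts)


def extract_version_name(dumpsys_output: str) -> Optional[str]:
    """Pull the versionName field out of dumpsys package output, or None if absent."""
    m = re.search(r"^\s*versionName=(\S+)", dumpsys_output, re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable(version_name: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed version."""
    return parse_version(version_name) < parse_version(fixed)


def assess_dumpsys(dumpsys_output: str) -> dict:
    """Summarise a dumpsys dump: installed version and whether it predates the fix."""
    version = extract_version_name(dumpsys_output)
    if version is None:
        return {"installed": None, "vulnerable": None,
                "note": "package not installed or no versionName line found"}
    return {"installed": version, "vulnerable": is_vulnerable(version),
            "note": f"fixed in {FIXED_VERSION}"}


def assess_device(package: str = AAT_PACKAGE) -> dict:
    """Query a connected device through adb and assess the installed AAT version."""
    out = subprocess.run(["adb", "shell", "dumpsys", "package", package],
                         capture_output=True, text=True, check=True).stdout
    return assess_dumpsys(out)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; use assess_device() for a real device.
    print(assess_dumpsys(SAMPLE_DUMPSYS))
```

Run `assess_device()` with a device attached and USB debugging enabled; a result with `"vulnerable": True` means the update steps above still need to be applied, and `"installed": None` means the package name assumption did not match and should be checked.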
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns to AAT data directories by other applications
- Multiple failed permission requests from unknown apps
Network Indicators:
- Unexpected outbound connections containing GPS coordinate data from non-AAT apps
SIEM Query:
Not applicable for typical mobile device scenarios