CVE-2025-43976

5.5 MEDIUM

📋 TL;DR

This vulnerability in the TextNow application for Android allows any installed app without permissions to initiate phone calls without user interaction by sending a crafted intent. It affects Android users running TextNow version 24.17.1.0 and earlier, potentially enabling unauthorized call placement.

💻 Affected Systems

Products:
  • com.enflick.android.tn2ndLine (TextNow)
Versions: through 24.17.1.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Android devices with vulnerable TextNow version installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Malicious apps could place premium-rate calls, incurring significant charges, or make calls to emergency services causing service disruption.

🟠 Likely Case: Malware or compromised apps could make unauthorized calls to toll numbers, resulting in financial loss for the user.

🟢 If Mitigated: With proper app sandboxing and intent filtering, the impact is limited to potential nuisance calls.

🌐 Internet-Facing: LOW - This is a local app vulnerability requiring malicious app installation.
🏢 Internal Only: MEDIUM - Any installed app can exploit this without user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires installing a malicious app but no user interaction during call placement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 24.17.1.0

Vendor Advisory: https://play.google.com/store/apps/details?id=com.enflick.android.tn2ndLine

Restart Required: No

Instructions:

1. Open Google Play Store
2. Search for TextNow
3. Update to latest version
4. Verify version is newer than 24.17.1.0

🔧 Temporary Workarounds

Uninstall TextNow (Android)

Remove the vulnerable application entirely:

    adb uninstall com.enflick.android.tn2ndLine

Disable TextNow dialer component (Android)

Use Android's pm command to disable the vulnerable activity:

    adb shell pm disable-user --user 0 com.enflick.android.tn2ndLine/com.enflick.android.TextNow.activities.DialerActivity

🧯 If You Can't Patch

  • Restrict installation of unknown apps and review installed applications
  • Monitor phone bill for unexpected call charges

🔍 How to Verify

Check if Vulnerable:

Check TextNow version in app settings or via:

    adb shell dumpsys package com.enflick.android.tn2ndLine | grep versionName

Check Version:

adb shell dumpsys package com.enflick.android.tn2ndLine | grep versionName

Verify Fix Applied:

Confirm version is newer than 24.17.1.0 and test intent filtering
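The version check above, as an added example that is not part of the original advisory: a POSIX shell script that extracts versionName from dumpsys output and compares it against 24.17.1.0 component by component, since a plain string comparison would rank 24.9.0.0 above 24.17.1.0. The dumpsys sample is constructed, not captured from a real device.

```shell
#!/bin/sh
# Constructed sample of `adb shell dumpsys package com.enflick.android.tn2ndLine`
# output; only the versionName line matters for this check.
SAMPLE_DUMPSYS='Packages:
  Package [com.enflick.android.tn2ndLine] (1a2b3c):
    versionCode=2417100 minSdk=26 targetSdk=34
    versionName=24.17.1.0'

LAST_VULNERABLE="24.17.1.0"   # from the advisory: affected "through 24.17.1.0"

# Print the first versionName value found in dumpsys text read from stdin.
extract_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9.]*\).*/\1/p' | head -n 1
}

# version_le A B: exit 0 if dotted version A <= B, comparing each numeric
# component; missing components are treated as 0 (24.18 == 24.18.0.0).
version_le() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ha=${a%%.*}; hb=${b%%.*}
        [ "$ha" = "$a" ] && a="" || a=${a#*.}
        [ "$hb" = "$b" ] && b="" || b=${b#*.}
        ha=${ha:-0}; hb=${hb:-0}
        [ "$ha" -lt "$hb" ] && return 0
        [ "$ha" -gt "$hb" ] && return 1
    done
    return 0
}

# is_vulnerable VERSION: exit 0 if VERSION falls within the affected range.
is_vulnerable() {
    version_le "$1" "$LAST_VULNERABLE"
}

# check_dumpsys: read dumpsys output on stdin; print and return the verdict
# (0 = vulnerable, 1 = patched, 2 = version not found).
check_dumpsys() {
    v=$(extract_version)
    [ -n "$v" ] || { echo "UNKNOWN (no versionName found)"; return 2; }
    if is_vulnerable "$v"; then echo "VULNERABLE ($v)"; return 0; fi
    echo "PATCHED ($v)"; return 1
}

# Stand-alone run against the constructed sample; on a real device use:
#   adb shell dumpsys package com.enflick.android.tn2ndLine | check_dumpsys
printf '%s\n' "$SAMPLE_DUMPSYS" | check_dumpsys
```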

📡 Detection & Monitoring

Log Indicators:

  • Unexpected intent calls to DialerActivity
  • Phone calls initiated without user interaction in logs

Network Indicators:

  • Unexpected outbound calls from TextNow app

SIEM Query:

source="android_logs" AND "com.enflick.android.TextNow.activities.DialerActivity" AND intent
