CVE-2025-9093

5.3 MEDIUM

📋 TL;DR

This vulnerability in BuzzFeed App for Android allows local attackers to improperly access exported application components, potentially leading to data exposure or unauthorized actions. It affects Android users running BuzzFeed App version 2024.9. The exploit requires physical access to the device or a malicious app already installed.

💻 Affected Systems

Products:
  • BuzzFeed App
Versions: 2024.9
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android version 2024.9 of the BuzzFeed App. Requires the vulnerable AndroidManifest.xml configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with physical device access could extract sensitive app data, manipulate app functionality, or potentially escalate privileges to other system components.

🟠 Likely Case

Malicious apps already installed on the device could access BuzzFeed App's exported components to steal user data or perform unauthorized actions within the app.

🟢 If Mitigated

With proper Android security controls and app sandboxing, impact would be limited to the BuzzFeed App's own data and functionality.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical access or malicious app installation.
🏢 Internal Only: MEDIUM - On corporate devices, a malicious insider or compromised app could exploit this to access BuzzFeed App data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit details are publicly disclosed on GitHub. Requires local access or malicious app installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2024.9

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Open Google Play Store
2. Search for BuzzFeed App
3. Check for available updates
4. Install the latest version
5. Verify version is newer than 2024.9

🔧 Temporary Workarounds

Disable App or Restrict Permissions (Android)

Temporarily disable the BuzzFeed App or restrict its permissions through Android settings.

🧯 If You Can't Patch

  • Uninstall BuzzFeed App version 2024.9 from affected devices
  • Implement mobile device management (MDM) policies to restrict app installations and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the app version in Android Settings > Apps > BuzzFeed > App info. If the version is 2024.9, the device is vulnerable.

Check Version:

adb shell dumpsys package com.buzzfeed.android | grep versionName

Verify Fix Applied:

Verify that the app version is newer than 2024.9 after the update. Check Google Play Store for the latest version availability.
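The verification steps above reduce to one decision: is the `versionName` that `adb shell dumpsys package com.buzzfeed.android` reports equal to 2024.9, older, or newer? The script below is an added example, not code from the advisory or the app; it parses the dumpsys output and makes that comparison numerically. The dumpsys text it runs on is a constructed sample (the real output is much longer), the package name is the one from the advisory's adb command, and `installed_version` is a helper added here that only works with adb on the PATH and a device attached.

```python
"""Classify an installed build from `adb shell dumpsys package <pkg>` output.

Added example, not from the advisory or the app. SAMPLE_DUMPSYS is a
constructed excerpt; only the versionName line matters for the check.
"""
import re
import subprocess

PACKAGE = "com.buzzfeed.android"   # package name from the advisory's adb command
AFFECTED_VERSION = "2024.9"

# Constructed sample of the relevant dumpsys lines.
SAMPLE_DUMPSYS = """Packages:
  Package [com.buzzfeed.android] (1a2b3c4):
    userId=10123
    versionCode=20240900 minSdk=26 targetSdk=34
    versionName=2024.9
    splits=[base]
"""


def parse_version_name(dumpsys_text):
    """Pull versionName out of dumpsys package output; None if absent."""
    m = re.search(r"^\s*versionName=(\S+)", dumpsys_text, re.MULTILINE)
    return m.group(1) if m else None


def version_key(version):
    """Numeric tuple so that 2024.10 sorts after 2024.9.

    A plain string comparison gets this wrong ('2024.10' < '2024.9'), which
    would report a patched build as older. Non-numeric suffixes are dropped.
    """
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    return tuple(parts)


def assess(version_name):
    """Return 'affected', 'patched' (newer than 2024.9), 'older' or 'unknown'."""
    if version_name is None:
        return "unknown"
    found, affected = version_key(version_name), version_key(AFFECTED_VERSION)
    if found == affected:
        return "affected"
    return "patched" if found > affected else "older"


def installed_version(package=PACKAGE):
    """Run the advisory's adb check against an attached device (needs adb)."""
    proc = subprocess.run(["adb", "shell", "dumpsys", "package", package],
                          capture_output=True, text=True, check=False)
    return parse_version_name(proc.stdout)


if __name__ == "__main__":
    version = parse_version_name(SAMPLE_DUMPSYS)
    print(f"{PACKAGE} versionName={version}: {assess(version)}")
```

An 'older' result is outside the version this advisory names but is still an un-updated install, so in an MDM fleet report it belongs in the same remediation queue as 'affected'. A 'unknown' result usually means the package is not installed on that device or adb could not reach it, and both cases are worth telling apart before the report goes out.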

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to BuzzFeed App components in Android logs
  • Permission denial errors related to exported components

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for local Android app vulnerabilities
