CVE-2025-9102

5.3 MEDIUM

📋 TL;DR

The 1&1 Mail & Media mail.com Android app, version 8.8.0, improperly exports application components in its AndroidManifest.xml, so any other app installed on the same device can invoke them and potentially reach sensitive app functionality. The exploit is publicly disclosed and can be leveraged by malicious apps installed alongside the mail.com app.

💻 Affected Systems

Products:
  • 1&1 Mail & Media mail.com App
Versions: 8.8.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only app version 8.8.0 on Android is affected; exploitation requires a malicious app installed on the same device.

⚠️ Risk & Real-World Impact

🔴 Worst Case: A malicious local app could access sensitive mail functionality, potentially reading emails, contacts, or authentication tokens without user consent.

🟠 Likely Case: Local privilege escalation allowing unauthorized access to app components, potentially exposing user data to other installed malicious applications.

🟢 If Mitigated: With proper Android security controls and app sandboxing, impact is limited to data within the vulnerable app's scope.

🌐 Internet-Facing: LOW - Attack requires local access to device, not remotely exploitable.
🏢 Internal Only: MEDIUM - Requires malicious app installation on same device, but could be combined with other exploits.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

The exploit requires local access and installation of a malicious app; a proof-of-concept is available in a GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider alternative mail clients.

🔧 Temporary Workarounds

Uninstall vulnerable app (Android): Remove the vulnerable mail.com app version 8.8.0 from Android devices.

  Settings > Apps > mail.com > Uninstall

Use alternative mail client (Android): Switch to a different, patched email application.

🧯 If You Can't Patch

  • Restrict app installation to trusted sources only via Android settings
  • Enable Google Play Protect and keep device security updates current

🔍 How to Verify

Check if Vulnerable:

Check the app version in Android Settings > Apps > mail.com > App info. If the version is 8.8.0, the installed app is vulnerable.

Check Version:

adb shell dumpsys package com.mail.mobile.android.mail | grep versionName

Verify Fix Applied:

Verify app is either uninstalled or updated to a version later than 8.8.0 (if available).
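An added example, not part of this advisory: a small Python audit that reads a decoded AndroidManifest.xml (for an installed APK, decoded with a tool such as apktool; assumed workflow) and lists the exported components that no android:permission guards, which is the manifest condition behind this class of finding. The manifest below is a constructed sample; its component names are invented and are not taken from the real mail.com app.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest: the component names are invented, not the real app's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.mail.mobile.android.mail">
  <application>
    <activity android:name=".ui.MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".ui.ComposeActivity" android:exported="true"/>
    <service android:name=".sync.SyncService">
      <intent-filter><action android:name="example.action.SYNC"/></intent-filter>
    </service>
    <provider android:name=".data.MailProvider" android:authorities="example.mail"
              android:exported="true" android:permission="example.permission.READ_MAIL"/>
    <receiver android:name=".push.PushReceiver" android:exported="false"/>
  </application>
</manifest>"""

def attr(elem, name):
    # Read an android:-namespaced attribute, or None if it is absent.
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def is_exported(elem):
    # An explicit android:exported wins; otherwise apply the pre-API-31 default:
    # a component that declares an intent-filter is exported.
    explicit = attr(elem, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return elem.find("intent-filter") is not None

def is_launcher(elem):
    # Launcher activities are exported by design, so they are not findings.
    return any(attr(c, "name") == "android.intent.category.LAUNCHER"
               for f in elem.findall("intent-filter") for c in f.findall("category"))

def find_unprotected_exports(manifest_xml):
    # Return (tag, name) for every exported component that no permission guards.
    root = ET.fromstring(manifest_xml)
    return [(tag, attr(comp, "name"))
            for tag in COMPONENT_TAGS
            for comp in root.iter(tag)
            if is_exported(comp) and attr(comp, "permission") is None
            and not is_launcher(comp)]

FINDINGS = find_unprotected_exports(SAMPLE_MANIFEST)
```

On the sample, the explicitly exported ComposeActivity and the implicitly exported SyncService are reported; the launcher activity, the permission-guarded provider and the non-exported receiver are not.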

📡 Detection & Monitoring

Log Indicators:

  • Android system logs showing unauthorized component access attempts
  • App crash logs related to exported components

Network Indicators:

  • N/A - local vulnerability only

SIEM Query:

N/A - local device vulnerability
