CVE-2025-9134

5.3 MEDIUM

📋 TL;DR

This vulnerability stems from improperly exported Android application components in the AfterShip Package Tracker app, which could let a local attacker access app data or functionality that should be protected. It affects Android users running AfterShip Package Tracker version 5.24.1 and earlier. Exploitation requires physical access to the device or malware already present on it.

💻 Affected Systems

Products:
  • AfterShip Package Tracker App
Versions: Up to and including version 5.24.1
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices running vulnerable versions are affected. The vulnerability is in the AndroidManifest.xml configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker with physical access could exploit this to access sensitive package tracking data, user information, or app functionality without proper authorization, potentially leading to data theft or unauthorized actions.

🟠 Likely Case: Malware already present on the device could leverage this vulnerability to escalate privileges or access AfterShip app data that should be protected, compromising user privacy.

🟢 If Mitigated: With proper Android security controls and user awareness, the impact is limited, as exploitation requires local access and cannot be performed remotely.

🌐 Internet-Facing: LOW - This is a local vulnerability that cannot be exploited over the internet. Remote attackers cannot directly trigger this vulnerability.
🏢 Internal Only: MEDIUM - Requires physical device access or malware presence, making it relevant for lost/stolen devices or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit details are publicly disclosed on GitHub. The attack requires local access to the device. The vendor acknowledges that the vulnerability exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 5.24.1

Vendor Advisory: Not provided in CVE details

Restart Required: No

Instructions:

1. Open the Google Play Store
2. Search for 'AfterShip Package Tracker'
3. Check whether an update is available
4. Install the latest version
5. Verify that the app version is greater than 5.24.1

🔧 Temporary Workarounds

Disable app or restrict permissions (Android)

Temporarily disable the AfterShip app or restrict its permissions until it is patched:

Go to Settings > Apps > AfterShip > Disable

Enable Android security features (Android)

Ensure device encryption and a screen lock are enabled, and that installation of apps from unknown sources is disabled:

Go to Settings > Security > Enable device encryption and screen lock

🧯 If You Can't Patch

  • Remove the app from devices until patched version is available
  • Implement mobile device management (MDM) policies to restrict app installation and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the app version under Settings > Apps > AfterShip > App info. If the version is 5.24.1 or lower, the device is vulnerable.

Check Version:

adb shell dumpsys package com.aftership.AfterShip | grep versionName

Verify Fix Applied:

Update the app via the Play Store and confirm that the version shown in the app settings is greater than 5.24.1.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to AfterShip app components in Android logs
  • Permission violations related to com.aftership.AfterShip

Network Indicators:

  • Not applicable - this is a local vulnerability

SIEM Query:

Not applicable for local Android app vulnerabilities
