CVE-2025-9671
📋 TL;DR
This vulnerability in UAB Paytend App for Android allows improper export of application components via manipulation of AndroidManifest.xml. Attackers with local access can exploit this to access sensitive app components. Only Android users of UAB Paytend App versions up to 2.1.9 are affected.
💻 Affected Systems
- UAB Paytend App
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized access to sensitive app components leading to data theft, privilege escalation, or manipulation of financial transactions within the app.
Likely Case
Local attacker accessing app components to extract sensitive information or manipulate app behavior.
If Mitigated
Limited impact if app is not installed or user has restricted local access to device.
🎯 Exploit Status
Exploit details are publicly available on GitHub. Attack requires local access to device but no authentication to the app.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor was contacted but did not respond. Users should uninstall the app until a fix is released.
🔧 Temporary Workarounds
Uninstall vulnerable app
androidRemove UAB Paytend App from Android devices
Settings > Apps > UAB Paytend > Uninstall
Restrict app permissions
androidLimit app permissions to minimum required
Settings > Apps > UAB Paytend > Permissions > Disable unnecessary permissions
🧯 If You Can't Patch
- Disable or uninstall UAB Paytend App from all Android devices
- Implement device security controls to prevent unauthorized local access
🔍 How to Verify
Check if Vulnerable:
Check app version in Android settings: Settings > Apps > UAB Paytend > App info. If version is 2.1.9 or lower, device is vulnerable.Check Version:
adb shell dumpsys package com.passport.cash | grep versionNameVerify Fix Applied:
Check if app has been updated to version above 2.1.9 or if app has been removed from device.📡 Detection & Monitoring
Log Indicators:
- Unusual app component access attempts
- Android system logs showing unauthorized component exports
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="android_system" AND (event="component_export" OR event="manifest_tampering") AND app="com.passport.cash"