CVE-2025-9673
TL;DR
This vulnerability in the Kakao Hey Kakao Android app allows improper export of application components via AndroidManifest.xml, potentially enabling local attackers to access sensitive app functionality. It affects Android users running the Hey Kakao app up to version 2.17.4. The exploit requires local access to the device.
Affected Systems
- Kakao 헤이카카오 (Hey Kakao) App
Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
Risk & Real-World Impact
Worst Case
Local attackers could access sensitive app components, potentially leading to data theft, privilege escalation, or unauthorized actions within the app.
Likely Case
Malicious apps on the same device could interact with Hey Kakao components they shouldn't have access to, potentially extracting user data or performing unauthorized operations.
If Mitigated
With proper Android security controls and app isolation, impact would be limited to the app's sandbox with minimal data exposure.
Exploit Status
The exploit requires local access to the device. A public proof-of-concept is available in a GitHub repository.
Fix & Mitigation
Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure. Consider workarounds or alternative apps.
Temporary Workarounds
Uninstall vulnerable app
Android: Remove the Hey Kakao app from affected Android devices
adb uninstall com.kakao.i.connect
Restrict app permissions
Android: Limit app permissions in Android settings to the minimum required
If You Can't Patch
- Isolate app on separate user profile or work profile
- Monitor for suspicious app behavior using Android security tools
How to Verify
Check if Vulnerable:
Check the app version in Android Settings > Apps > Hey Kakao. If the version is 2.17.4 or lower, the app is vulnerable.
Check Version:
adb shell dumpsys package com.kakao.i.connect | grep versionName
Verify Fix Applied:
No fix available to verify. Consider app removal as verification.
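An added helper script (not part of this advisory or of Kakao's software) that automates the version check above: it pulls versionName out of dumpsys output and compares it against the 2.17.4 ceiling field by field, so a build such as 2.17.10 is not mistaken for an older one by string comparison. The dumpsys text embedded below is a constructed sample; run with --device to query a connected device through adb instead.

```shell
#!/bin/sh
# Constructed sample of `adb shell dumpsys package com.kakao.i.connect` output
# (not captured from a real device).
SAMPLE_DUMPSYS='Packages:
  Package [com.kakao.i.connect] (1a2b3c):
    versionCode=21704 minSdk=26 targetSdk=33
    versionName=2.17.4
    splits=[base]'

# Read dumpsys text on stdin and print the first versionName value (or nothing).
extract_version() {
  sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 <= $2, comparing each numeric field in turn;
# missing trailing fields count as 0 (so 2.17 <= 2.17.4).
version_le() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    [ "$a" = "$x" ] && a="" || a="${a#*.}"
    [ "$b" = "$y" ] && b="" || b="${b#*.}"
    x="${x:-0}"; y="${y:-0}"
    if [ "$x" -lt "$y" ]; then return 0; fi
    if [ "$x" -gt "$y" ]; then return 1; fi
  done
  return 0
}

# Classify a versionName against the affected ceiling 2.17.4 named in the advisory.
# Prints VULNERABLE, NOT_AFFECTED, or UNKNOWN when no version could be read.
classify() {
  ver="$1"
  if [ -z "$ver" ]; then echo UNKNOWN; return; fi
  if version_le "$ver" "2.17.4"; then echo VULNERABLE; else echo NOT_AFFECTED; fi
}

# Query an attached device (needs adb and a connected, authorised device).
check_device() {
  adb shell dumpsys package com.kakao.i.connect 2>/dev/null | extract_version
}

if [ "${1:-}" = "--device" ]; then
  classify "$(check_device)"
else
  classify "$(printf '%s\n' "$SAMPLE_DUMPSYS" | extract_version)"
fi
```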
Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to com.kakao.i.connect components in Android logs
Network Indicators:
- Unusual local inter-app communication involving Hey Kakao
SIEM Query:
No standard SIEM query available for local Android app vulnerabilities