CVE-2025-9675

5.3 MEDIUM

📋 TL;DR

Voice Changer App improperly exports Android application components through its AndroidManifest.xml. The attack must be launched from the local host, and a successful attacker can potentially access sensitive app data or functionality. Users of Voice Changer App versions up to 1.1.0 on Android devices are affected.

💻 Affected Systems

Products:
  • Voice Changer App
Versions: Up to and including version 1.1.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attackers could access sensitive app data, execute unauthorized actions within the app, or potentially escalate privileges on the device.

🟠 Likely Case

Unauthorized access to app components leading to data leakage or manipulation of app functionality.

🟢 If Mitigated

Limited impact with proper Android permission controls and app sandboxing in place.

🌐 Internet-Facing: LOW - Exploitation requires local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users on the same device could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed and local access is sufficient for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Uninstall vulnerable versions and monitor for updates from the app developer.

🔧 Temporary Workarounds

Uninstall vulnerable app

android

Remove the vulnerable Voice Changer App from affected devices

adb uninstall com.tuyangkeji.changevoice

🧯 If You Can't Patch

  • Restrict app installation permissions to prevent malicious apps from exploiting this vulnerability
  • Use Android work profiles or containerization to isolate vulnerable apps

🔍 How to Verify

Check if Vulnerable:

Check app version in Android settings > Apps > Voice Changer App. Versions 1.1.0 or earlier are vulnerable.

Check Version:

adb shell dumpsys package com.tuyangkeji.changevoice | grep versionName

Verify Fix Applied:

Verify app is uninstalled or updated to a version above 1.1.0 (if available).

📡 Detection & Monitoring

Log Indicators:

  • Unusual activity from Voice Changer App process
  • Permission violations related to com.tuyangkeji.changevoice

Network Indicators:

  • Local inter-process communication attempts to vulnerable app components

SIEM Query:

process_name:"com.tuyangkeji.changevoice" AND (event_type:"permission_violation" OR event_type:"unauthorized_access")
