CVE-2025-43976 is a medium-severity vulnerability affecting the Android application com.enflick.android.tn2ndLine (commonly known as TextNow) through version 24.17.1.0. The vulnerability arises from the application's DialerActivity component (com.enflick.android.TextNow.activities.DialerActivity), which improperly exposes functionality that allows any installed application, even those without any permissions, to initiate phone calls silently without user interaction. This is achieved by sending a crafted intent to the vulnerable component. Because the vulnerable component does not enforce permission checks or user confirmation, malicious apps can exploit this flaw to place unauthorized calls, potentially leading to toll fraud, privacy violations, or indirect denial of service by exhausting call resources. The CVSS v3.1 base score is 4.3, reflecting a medium impact with low attack complexity, no privileges required, and no user interaction needed. The attack vector is physical (local), meaning the attacker must have an app installed on the device, but no special permissions or user actions are necessary to trigger the exploit. The vulnerability impacts confidentiality, integrity, and availability to a limited extent: confidentiality and integrity are affected because unauthorized calls can be placed, potentially leaking information or causing fraudulent charges; availability is impacted by possible resource exhaustion or disruption of legitimate calling capabilities. No known exploits are reported in the wild as of the publication date. No patches or fixes are currently linked, indicating that remediation may require vendor intervention or user action such as uninstalling or restricting the app. This vulnerability highlights the risks of insecure inter-component communication in Android apps, especially those handling sensitive telephony functions.

For European organizations, the impact of CVE-2025-43976 depends largely on the prevalence of the TextNow app within their user base or employee devices. Organizations with Bring Your Own Device (BYOD) policies or those in sectors where employees use third-party communication apps may face risks of unauthorized call initiation, leading to potential financial losses from toll fraud or reputational damage if fraudulent calls are traced back to corporate devices. Privacy concerns arise as unauthorized calls could expose sensitive information or allow attackers to leverage the device for further attacks. Additionally, the vulnerability could be exploited to disrupt communication channels, impacting operational continuity. While the vulnerability requires a malicious app to be installed, the lack of permission requirements lowers the barrier for exploitation. European telecom providers could also see indirect impacts if large numbers of devices are exploited, potentially affecting network resources. However, since the attack vector is local and no remote exploitation is possible, the threat is more contained to device-level compromise rather than large-scale network attacks.

To mitigate CVE-2025-43976, European organizations should: 1) Audit and restrict the installation of third-party apps, especially those from untrusted sources, to prevent malicious apps from being installed that could exploit this vulnerability. 2) Implement Mobile Device Management (MDM) solutions to control app permissions and monitor unusual calling behavior on corporate devices. 3) Educate users about the risks of installing apps from unknown developers and the importance of scrutinizing app permissions and behaviors. 4) Encourage or enforce the use of official, vetted communication apps rather than third-party dialers with known vulnerabilities. 5) Monitor telephony usage patterns for anomalies that could indicate unauthorized call activity. 6) Coordinate with the vendor (TextNow) to obtain patches or updates addressing this vulnerability and deploy them promptly once available. 7) Where possible, apply Android OS-level restrictions or security policies that limit inter-app communication or intent handling related to telephony functions. 8) Consider network-level controls to detect and block suspicious call patterns originating from devices known to have the vulnerable app installed.