
CVE-2025-7889: Improper Export of Android Application Components in CallApp Caller ID App

Severity: Medium
Type: Vulnerability
Published: Sun Jul 20 2025 (07/20/2025, 12:32:06 UTC)
Source: CVE Database V5
Vendor/Project: CallApp
Product: Caller ID App

Description

A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/28/2025, 01:04:44 UTC

Technical Analysis

CVE-2025-7889 is a medium-severity vulnerability affecting the CallApp Caller ID Android application versions 2.0.0 through 2.0.4. The root cause lies in the improper export of Android application components defined in the AndroidManifest.xml file, specifically within the component identified as caller.id.phone.number.block. Improper export means that components such as activities, services, or broadcast receivers are made accessible to other applications or processes without adequate access controls. This can allow a local attacker (someone with access to the device) to interact with these components in unintended ways.

The vulnerability does not require user interaction and can be exploited with low attack complexity and low privileges (limited to local access). The CVSS 4.0 vector indicates local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vendor was notified but has not responded or issued a patch, and while the exploit has been publicly disclosed, there are no known exploits in the wild at this time.

Improperly exported components can lead to unauthorized access to sensitive functionality or data, potentially allowing privilege escalation, information disclosure, or manipulation of app behavior. Given the nature of the CallApp Caller ID app, which handles phone number identification and blocking, exploitation could allow an attacker to bypass blocking features or access user call data locally on the device.

Potential Impact

For European organizations, the impact of this vulnerability depends largely on the prevalence of the CallApp Caller ID app among employees and the sensitivity of the data handled on affected devices. If employees use this app on corporate or personal devices that access corporate resources, attackers with local access (e.g., via physical access or malware on the device) could exploit the vulnerability to interfere with call blocking or glean information about incoming/outgoing calls. This could facilitate social engineering, targeted phishing, or unauthorized surveillance. While the vulnerability does not allow remote exploitation, it increases the attack surface for local adversaries, which is particularly concerning in environments with shared or less secure devices. Organizations in sectors with high privacy requirements (e.g., finance, healthcare, government) could face compliance risks if call data or user privacy is compromised. Additionally, the lack of vendor response and patch availability prolongs exposure and complicates risk management. Overall, the vulnerability could undermine device security hygiene and user privacy, indirectly impacting organizational security posture.

Mitigation Recommendations

1. Immediate mitigation should include auditing and restricting the use of the CallApp Caller ID app on corporate devices, especially those handling sensitive information.
2. Where possible, replace the vulnerable app with alternative caller ID/blocking apps that are actively maintained and have a strong security track record.
3. Implement mobile device management (MDM) policies to control app installation and enforce security configurations, including restricting installation of apps with known vulnerabilities.
4. Educate users about the risks of local exploitation and the importance of device physical security to prevent unauthorized local access.
5. Monitor devices for unusual behavior that could indicate exploitation attempts, such as unexpected app interactions or changes in call blocking behavior.
6. Encourage the vendor to respond and release a patch; meanwhile, consider isolating devices with the vulnerable app from sensitive networks or data.
7. Regularly review AndroidManifest.xml exports in in-house or third-party apps to ensure no unnecessary components are exported, reducing attack surface.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-19T10:46:57.537Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687ce891a83201eaac0277d7

Added to database: 7/20/2025, 1:01:05 PM

Last enriched: 7/28/2025, 1:04:44 AM

Last updated: 10/18/2025, 7:17:05 AM
