CVE-2025-9097: Improper Export of Android Application Components in Euro Information CIC banque et compte en ligne App
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation leads to improper export of Android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-9097 is a medium-severity vulnerability affecting version 12.56.0 of the Euro Information CIC banque et compte en ligne Android application. The vulnerability arises from improper export of Android application components declared in the AndroidManifest.xml file, specifically within the component identified as com.cic_prod.bad. An improperly exported component is an activity, service, broadcast receiver, or content provider that other applications on the same device can reach without adequate access controls (for example, a component marked exported that declares no android:permission). This misconfiguration can allow a local attacker (someone with access to the device, or malicious code already running on it) to interact with these components in unintended ways. Since the attack vector is local (AV:L), the attacker must have physical or logical access to the device, but no user interaction is required (UI:N) and the attack complexity is low (AC:L). Only low privileges are required (PR:L), and the impact on confidentiality, integrity, and availability is limited (VC:L, VI:L, VA:L). The vendor was notified but has not responded or provided a patch, and the exploit details have been publicly disclosed, increasing the risk of exploitation. The vulnerability does not involve network exposure or system-level privileges, but it can potentially allow unauthorized access to or manipulation of sensitive banking application components, possibly leading to data leakage or unauthorized operations within the app context. The lack of vendor response and patch availability increases the urgency for users and organizations to implement mitigations.
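The following manifest audit is an added illustration of the misconfiguration class described above; it is not code from the advisory or the vendor, and the embedded manifest is a constructed sample, not the CIC app's real com.cic_prod.bad manifest. It flags components that are exported, either explicitly or by Android's documented defaults, while declaring no android:permission to guard them:

```python
# Added illustration (not code from the advisory or the vendor): flag manifest
# components that other apps can reach with no android:permission guarding them.
# Export defaults follow Android's documented rules; the manifest is a constructed sample.
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (not the real com.cic_prod.bad manifest), one case per class.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <uses-sdk android:targetSdkVersion="30"/>
  <application>
    <activity android:name=".LoginActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <!-- android:exported omitted but an intent-filter is present: implicitly exported -->
    <receiver android:name=".TransferReceiver">
      <intent-filter><action android:name="com.example.bank.TRANSFER"/></intent-filter>
    </receiver>
    <!-- exported but guarded by the app's own permission: acceptable -->
    <service android:name=".SyncService" android:exported="true"
        android:permission="com.example.bank.permission.SYNC"/>
    <activity android:name=".InternalActivity" android:exported="false"/>
  </application>
</manifest>"""


def is_exported(elem, target_sdk):
    """Resolve android:exported, applying Android's defaults when it is absent."""
    declared = elem.get(NS + "exported")
    if declared is not None:
        return declared.lower() == "true"
    if elem.tag == "provider":
        return target_sdk < 17  # providers defaulted to exported before API 17
    return elem.find("intent-filter") is not None  # an intent filter implies exported


def find_unprotected_exports(manifest_xml):
    """Return names of exported components that declare no android:permission."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target_sdk = int(sdk.get(NS + "targetSdkVersion", "1")) if sdk is not None else 1
    return [
        elem.get(NS + "name")
        for elem in root.iter()
        if elem.tag in COMPONENT_TAGS
        and is_exported(elem, target_sdk)
        and elem.get(NS + "permission") is None
    ]
```

The launcher activity is reported too, since it is intentionally exported; each finding still needs a reviewer to decide whether the component must be reachable by other apps and, if so, which permission should guard it.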
Potential Impact
For European organizations, especially financial institutions and their customers using the CIC banque et compte en ligne app, this vulnerability poses a risk of unauthorized local access to sensitive banking application components. Although exploitation requires local access to the device, the impact could include leakage of confidential banking information, unauthorized transactions, or manipulation of app behavior, undermining user trust and regulatory compliance (e.g., GDPR). The vulnerability could be exploited by malicious insiders, attackers with temporary physical access, or malware already present on the device. Given the critical nature of banking data, even limited integrity or confidentiality breaches can have significant financial and reputational consequences. The public disclosure and lack of vendor remediation increase the risk of exploitation in the wild, potentially affecting customers across Europe who rely on this app for online banking.
Mitigation Recommendations
1. Users should immediately update the app once a vendor patch is released; until then, avoid installing or using version 12.56.0 on devices that may be exposed to untrusted users.
2. Employ device-level security controls such as strong lock screens, biometric authentication, and encryption to prevent unauthorized local access.
3. Use mobile device management (MDM) solutions to restrict installation of untrusted applications and monitor device integrity.
4. Encourage users to avoid rooting or jailbreaking devices, which could increase the risk of local exploitation.
5. For organizations, consider deploying endpoint detection and response (EDR) solutions on mobile devices to detect suspicious local activity targeting banking apps.
6. Conduct user awareness campaigns to highlight the risks of local device compromise and the importance of physical device security.
7. Monitor for any unofficial patches or community mitigations and test them carefully before deployment.
8. Engage with the vendor for updates and consider alternative banking apps if remediation is delayed.
Affected Countries
France, Germany, Italy, Spain, Belgium, Netherlands, Luxembourg
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-17T13:13:08.031Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a27124ad5a09ad009d5bb5
Added to database: 8/18/2025, 12:17:40 AM
Last enriched: 8/25/2025, 1:13:16 AM
Last updated: 9/29/2025, 3:44:37 AM