CVE-2025-9674 is a medium-severity vulnerability affecting the Transbyte Scooper News App versions 1.0 through 1.2 on the Android platform. The flaw arises from improper exportation of Android application components declared in the AndroidManifest.xml file, specifically within the component identified as com.hatsune.eagleee. Improper exportation means that components intended to be private or restricted are instead accessible to other applications or processes on the device. This can lead to unauthorized access or manipulation of the app's internal functionality or data. The vulnerability requires local access, meaning an attacker must have physical or logical access to the device to exploit it. No user interaction or authentication is required beyond local access, and the attack complexity is low. The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as it may allow unauthorized components to be invoked or data to be leaked or altered. The vendor, Transbyte, has not responded to disclosure attempts, and no patches are currently available. Although an exploit has been published, there are no known exploits in the wild at this time. The CVSS 4.0 vector indicates low attack vector (local), low attack complexity, no privileges required beyond local access, no user interaction, and low impact on confidentiality, integrity, and availability. This vulnerability is primarily a local privilege escalation or unauthorized access risk within the device environment, rather than a remote or large-scale threat.

For European organizations, the impact of this vulnerability is primarily on employees or users who have the Transbyte Scooper News App installed on their Android devices. If an attacker gains local access to such a device, they could exploit the improper exportation of components to access or manipulate app internals, potentially leading to leakage of sensitive news content, user data, or internal app functions. This could undermine confidentiality and integrity of information handled by the app. While the vulnerability does not allow remote exploitation, insider threats or physical device theft scenarios become more critical. Organizations relying on this app for news aggregation or internal communication may face risks of data leakage or unauthorized data manipulation. The lack of vendor response and patches increases the risk exposure. However, since the app is a news application and the vulnerability requires local access, the overall impact on critical infrastructure or highly sensitive systems is limited. Still, organizations should consider the risk in environments where device security is paramount, such as government agencies, media companies, or enterprises with strict data protection requirements.

1. Restrict physical and logical access to devices with the Transbyte Scooper News App installed to trusted personnel only. 2. Monitor and control app installations on corporate devices, potentially removing or replacing the Scooper News App with alternatives until a patch is available. 3. Employ mobile device management (MDM) solutions to enforce app permissions and restrict inter-app communication that could exploit exported components. 4. Educate users about the risks of local device compromise and encourage strong device authentication mechanisms such as PINs, biometrics, or full-disk encryption. 5. Regularly audit AndroidManifest.xml configurations in custom or in-house apps to prevent improper component exportation. 6. Stay alert for vendor updates or patches and apply them promptly once available. 7. Consider sandboxing or containerizing the app environment to limit the impact of any exploitation. 8. Implement endpoint detection and response (EDR) tools on mobile devices to detect suspicious local activity that may indicate exploitation attempts.