CVE-2025-9674 is a medium-severity vulnerability affecting the Transbyte Scooper News App versions 1.0 through 1.2 on Android devices. The root cause lies in the improper export of Android application components defined in the AndroidManifest.xml file, specifically within the component identified as com.hatsune.eagleee. Improper export means that certain components (such as activities, services, broadcast receivers, or content providers) are made accessible to other apps or processes without adequate access controls. This can allow a local attacker—someone with physical or local access to the device—to interact with these components in unintended ways, potentially leading to unauthorized information disclosure, privilege escalation, or manipulation of app behavior. The vulnerability requires local access and does not require user interaction or elevated privileges beyond local access. The CVSS 4.0 vector indicates low attack complexity and low privileges required, with no user interaction needed, but the impact on confidentiality, integrity, and availability is limited. The vendor was notified but did not respond or provide a patch, and an exploit has been published, increasing the risk of exploitation. However, there are no known exploits in the wild at this time. This vulnerability highlights the importance of correctly configuring component export settings in Android apps to prevent unauthorized inter-app communication and potential misuse by malicious local actors.

For European organizations, the impact of this vulnerability depends largely on the usage of the Transbyte Scooper News App within their environment. Given that the vulnerability requires local access, the primary risk is to devices physically accessible to attackers or compromised by other means (e.g., malware). Potential impacts include unauthorized access to sensitive information handled by the app, manipulation of app functions, or lateral movement within a device. In corporate or governmental environments where Android devices are used for news consumption or internal communication, exploitation could lead to leakage of sensitive organizational information or disruption of information workflows. Although the vulnerability is medium severity, the lack of vendor response and published exploit code increases the urgency for mitigation. The risk is higher in environments with shared or less controlled device access, such as public kiosks, shared work devices, or BYOD scenarios. Overall, while the vulnerability does not pose a critical threat to network infrastructure, it can undermine device security and confidentiality of information on affected devices, which is significant for organizations handling sensitive or regulated data under European data protection laws.

To mitigate this vulnerability, organizations should: 1) Immediately audit Android devices for the presence of the Transbyte Scooper News App versions 1.0 to 1.2 and remove or disable the app if it is not essential. 2) If removal is not feasible, restrict physical and local access to devices to trusted users only, minimizing the risk of local exploitation. 3) Employ mobile device management (MDM) solutions to enforce app whitelisting or blacklisting policies, preventing installation or execution of vulnerable app versions. 4) Monitor device logs and behavior for unusual inter-app communication or suspicious activity related to the com.hatsune.eagleee component. 5) Encourage users to update to newer app versions if and when patches become available, or contact the vendor for remediation status. 6) Educate users about the risks of installing untrusted apps and the importance of device security hygiene. 7) Consider deploying endpoint protection solutions that can detect exploitation attempts of local vulnerabilities. Since no patch is currently available, these compensating controls are critical to reduce exposure.