CVE-2025-9675 is a medium-severity vulnerability identified in the Voice Changer App versions up to 1.1.0. The root cause lies in improper exportation of Android application components due to incorrect processing of the AndroidManifest.xml file, specifically within the component com.tuyangkeji.changevoice. AndroidManifest.xml defines the app's components and their exposure to other apps or system processes. Improper export settings can unintentionally expose sensitive components such as activities, services, or broadcast receivers to other apps or local attackers. In this case, the vulnerability allows an attacker with local access to the device (local host) to manipulate the app's exported components, potentially leading to unauthorized interactions with the app’s internal components. The attack does not require user interaction and can be performed with low privileges, increasing its risk. The CVSS 4.0 vector indicates low attack complexity, no user interaction, and limited scope impact, with partial confidentiality, integrity, and availability impacts. Although no known exploits are currently in the wild, the vulnerability has been publicly disclosed, which may increase the risk of exploitation. The vulnerability is specific to Android devices running the affected versions of the Voice Changer App, which is a consumer-oriented application used for modifying voice recordings or live voice input.

For European organizations, the direct impact of this vulnerability is likely limited to employees or users who have installed the vulnerable Voice Changer App on their Android devices. If such devices are used within corporate environments, especially those with access to sensitive data or internal networks, the improper export of components could be leveraged by a local attacker or malicious app to escalate privileges, intercept or manipulate data, or disrupt app functionality. This could lead to partial compromise of device confidentiality and integrity, potentially enabling lateral movement or data leakage within corporate networks. However, since exploitation requires local access and the app is consumer-focused, the threat surface is narrower compared to network-exposed vulnerabilities. Still, organizations with Bring Your Own Device (BYOD) policies or those in sectors with high privacy requirements (e.g., finance, healthcare) should be cautious. Additionally, the vulnerability could be used as part of a multi-stage attack chain if combined with other exploits to gain broader access.

Organizations should ensure that all Android devices, especially those used in corporate environments, update the Voice Changer App to a patched version once available. Until a patch is released, users should be advised to uninstall the app or restrict its usage on devices that access sensitive information. Mobile Device Management (MDM) solutions can be employed to monitor app installations and enforce policies that prevent installation of vulnerable app versions. Security teams should audit AndroidManifest.xml configurations for in-house or third-party apps to detect improper component exports proactively. Additionally, applying the principle of least privilege on Android devices by disabling installation from untrusted sources and restricting app permissions can reduce the risk. User education about the risks of installing apps from unofficial sources and the importance of updates is also critical. Finally, monitoring for unusual local app interactions or privilege escalations on Android endpoints can help detect exploitation attempts.