CVE-2025-9695: Improper Export of Android Application Components in GalleryVault Gallery Vault App
A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of Android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
AI Analysis
Technical Summary
CVE-2025-9695 is a medium-severity vulnerability affecting GalleryVault Gallery Vault App for Android, versions up to 4.5.2. The root cause is the improper export of Android application components through a misconfiguration in the AndroidManifest.xml file, specifically within the component identified as com.thinkyeah.galleryvault. This misconfiguration exports certain app components unintentionally, making them accessible to other local applications or processes on the same device.
The attack vector is local (AV:L): an attacker must have physical or local control over the Android environment to exploit the issue. No user interaction or authentication is required, and no privileges beyond limited permissions are necessary. The impact on confidentiality, integrity, and availability is limited: the flaw could allow unauthorized access to or manipulation of app components, potentially leading to data leakage or unauthorized operations within the app context.
The CVSS 4.0 base score is 4.8, reflecting medium severity. No exploitation has been observed in the wild, but a public exploit exists, which increases the risk of exploitation by local attackers. The restriction to local environments reduces the overall attack surface. The lack of patch links suggests that a fix may not yet be publicly available, so users need to monitor updates from the vendor.
Potential Impact
For European organizations, CVE-2025-9695 is primarily relevant to those using the Gallery Vault App on Android devices, particularly where the app is used to secure sensitive images or documents. The improper export of app components could lead to unauthorized local access to protected data or app functionality, potentially compromising the confidentiality and integrity of sensitive information. Organizations relying on mobile device security for compliance with data protection regulations such as GDPR may face increased risk if sensitive personal data is exposed through this vulnerability. Although the attack requires local access, insider threats and lost or stolen devices are scenarios in which it could be exploited. The vulnerability could also be leveraged as a foothold for further local privilege escalation or lateral movement within a compromised device. However, the limited scope and local attack vector reduce the likelihood of widespread remote exploitation, making the threat more relevant in environments with less stringent physical device controls or where devices are shared among multiple users.
Mitigation Recommendations
To mitigate CVE-2025-9695, European organizations should take several specific steps beyond generic advice:
1) Immediately audit the use of Gallery Vault App on corporate or personal devices used for work purposes and assess the necessity of the app in the environment.
2) Restrict physical and local access to devices, enforcing strong device lock mechanisms such as biometric authentication or strong PINs to prevent unauthorized local access.
3) Monitor for updates from the GalleryVault vendor and apply patches promptly once available.
4) If possible, configure Android application permissions and component exports manually by inspecting the AndroidManifest.xml or using mobile device management (MDM) solutions to restrict exported components.
5) Educate users about the risks of installing apps from untrusted sources and the importance of device security to prevent local exploitation.
6) Consider alternative secure vault applications with better security track records if the Gallery Vault App is critical but unpatched.
7) Implement endpoint detection and response (EDR) tools capable of detecting suspicious local activity on mobile devices to identify potential exploitation attempts early.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-29T11:27:56.710Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68b31d3dad5a09ad008b270e
Added to database: 8/30/2025, 3:48:13 PM
Last enriched: 9/7/2025, 12:40:17 AM
Last updated: 10/16/2025, 1:44:49 AM