Vulnerability Description
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aftership | Aftership Package Tracker | <= 5.24.1 |
Related Weaknesses (CWE)
References
- https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.mdExploitThird Party Advisory
- https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#stepsExploitThird Party Advisory
- https://vuldb.com/?ctiid.320514Permissions RequiredVDB Entry
- https://vuldb.com/?id.320514Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.615253Third Party AdvisoryVDB Entry
- https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.mdExploitThird Party Advisory
- https://github.com/KMov-g/androidapps/blob/main/com.aftership.AfterShip.md#stepsExploitThird Party Advisory
FAQ
What is CVE-2025-9134?
CVE-2025-9134 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.af...
How severe is CVE-2025-9134?
CVE-2025-9134 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9134?
Check the references section above for vendor advisories and patch information. Affected products include: Aftership Aftership Package Tracker.