CVE-2025-9135 — MEDIUM (5.3)

Q: How severe is CVE-2025-9135?

CVE-2025-9135 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-9135?

Check the references section above for vendor advisories and patch information. Affected products include: Verkehrsauskunft Smartride.

Vulnerability Description

A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android application components. The attack must be initiated from a local position. The exploit is now public and may be used. Upgrading to version 12.1.2(259) is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor was contacted early and fixed the issue by "[r]emoving the task affinity of the app so it can't be copied".

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Verkehrsauskunft	Smartride	< 12.1.2\(259\)

Related Weaknesses (CWE)

CWE-926

References

https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.mdExploitThird Party Advisory
https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md#steps-toExploitThird Party Advisory
https://vuldb.com/?ctiid.320515Permissions RequiredVDB Entry
https://vuldb.com/?id.320515Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.615276Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.615278Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.628235Third Party AdvisoryVDB Entry
https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.mdExploitThird Party Advisory
https://github.com/KMov-g/androidapps/blob/main/de.hafas.android.vvt.md#steps-toExploitThird Party Advisory

FAQ

What is CVE-2025-9135?

CVE-2025-9135 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer, BusBahnBim and Salzburg Verkehr up to 12.1.1(258) on Android. The impacted element is an unknown function of the file A...

How severe is CVE-2025-9135?

CVE-2025-9135 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-9135?

Check the references section above for vendor advisories and patch information. Affected products include: Verkehrsauskunft Smartride.