CVE-2025-9135

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Verkehrsauskunft Österreich SmartRide versions up to 12.1.1(258) cleVVVer versions up to 12.1.1(258) BusBahnBim versions up to 12.1.1(258)

Description: A vulnerability exists related to the improper export of Android application components due to manipulation of an unknown function within the AndroidManifest.xml file. The attack requires local access. The exploit is publicly available.

Recommendations: Upgrade Verkehrsauskunft Österreich SmartRide to version 12.1.2(259). Upgrade cleVVVer to version 12.1.2(259). Upgrade BusBahnBim to version 12.1.2(259). Update the affected component.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-926

Related Identifiers

CVE-2025-9135

Affected Products

Busbahnbim

Verkehrsauskunft Österreich Smartride

Clevvver

CVE-2025-9135

Weakness Enumeration

Related Identifiers

Affected Products

References · 14