Genshin Albedo Cat House App CVE-2025-7940
Severity by source: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Analysis (AI)
Improper export of Android application components in Genshin Albedo Cat House App 1.0.2 allows local attackers with user privileges to access sensitive information through AndroidManifest.xml misconfigurations in the com.house.auscat component. The vulnerability requires local access and authenticated user privileges but carries minimal real-world risk due to low EPSS (0.02%) and the constraint of local-only exploitation.
Technical Context (AI)
The vulnerability stems from CWE-926 (Improper Export of Android Application Components), which occurs when Android app components (Activities, Services, Broadcast Receivers, Content Providers) are exported without proper permission protection in AndroidManifest.xml. The affected component com.house.auscat in version 1.0.2 fails to restrict access to exported components, potentially allowing other locally installed apps or local users to interact with these components and retrieve sensitive information. This is a configuration-level vulnerability in the Android manifest file rather than a code logic flaw.
Affected Products (AI)
Genshin Albedo Cat House App version 1.0.2 for Android is confirmed affected. The vulnerability specifically impacts the com.house.auscat component as documented in AndroidManifest.xml. No information on earlier or later versions is provided in available references.
Remediation (AI)
The developer should immediately review and restrict the export settings of the com.house.auscat component and any other exported components in AndroidManifest.xml, either by requiring a permission (android:permission on the component, with android:protectionLevel set on the corresponding permission declaration) or by setting android:exported="false" for components that do not require inter-process communication. Users should update to a patched version once the app developer releases one. As an interim compensating control, users can restrict installation of untrusted third-party applications that might attempt to communicate with improperly exported components, by limiting app sources to the official Google Play Store or disabling installation from unknown sources. No vendor advisory or official patch version has been identified at this time; monitor the app store listing or developer channels for updates.