Cyber Posture

CVE-2025-15464

Severity: High · Public PoC

Published: 08 January 2026
Modified: 12 February 2026
KEV Added: not listed
Patch: none referenced
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0003 (7.4th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-15464 is a high-severity Improper Export of Android Application Components (CWE-926) vulnerability in Yintibao Fun Print. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Email Collection (T1114). The CVE is ranked at the 7.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Email Collection (T1114).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI)

T1114 Email Collection (tactic: Collection)
Adversaries may target user email to collect sensitive information.
Why these techniques?

Exported Activity directly enables unauthorized inbox access, facilitating email collection (T1114).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.

Deeper analysis (AI)

CVE-2025-15464 is a vulnerability in the Gmail Android application involving an improperly exported Activity component. This flaw enables external applications to acquire the application's context and directly launch the Gmail app with access to the user's inbox, circumventing intended security controls. Classified under CWE-926 (Improper Export of Android Application Components), it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with network accessibility and low attack complexity.

Any unauthenticated external application can exploit this vulnerability without elevated privileges and without user interaction beyond normal app usage. An attacker could deploy a malicious app, or leverage network-accessible intents such as those triggered from a web page, to invoke the exported Activity. Successful exploitation grants direct read access to the victim's Gmail inbox, potentially exposing sensitive email content.

KoreLogic's advisory KL-001-2026-001, published on January 8, 2026, provides technical details on the issue and references a proof-of-concept exploit. Additional analysis appears in the Full Disclosure mailing list archive for January 2026. No patches or specific mitigations are detailed in the provided references.

Details

CWE(s)

CWE-926 Improper Export of Android Application Components

Affected Products

yintibao fun print 6.05.15

References