CVE-2025-15464
Published: 08 January 2026
Summary
CVE-2025-15464 is a high-severity Improper Export of Android Application Components (CWE-926) vulnerability in Yintibao Fun Print. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Email Collection (T1114). The CVE ranks at the 5.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-19 (Access Control for Mobile Devices) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2025-15464 is a vulnerability in the Gmail Android application involving an improperly exported Activity component. This flaw enables external applications to acquire the application's context and directly launch the Gmail app with access to the user's inbox, circumventing intended security controls. Classified under CWE-926 (Improper Export of Android Application Components), it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with network accessibility and low attack complexity.
Any unauthenticated external application can exploit this vulnerability without user privileges or interaction beyond normal app usage. An attacker could deploy a malicious app or leverage network-accessible intents, such as from a web page, to invoke the exported Activity. Successful exploitation grants direct read access to the victim's Gmail inbox, potentially exposing sensitive email content.
KoreLogic's advisory (KL-001-2026-001) provides technical details on the issue, published on January 8, 2026, with a proof-of-concept exploit available. Additional analysis appears in the Full Disclosure mailing list archive for January 2026. No patches or specific mitigations are detailed in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-1454
Vulnerability details
Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exported Activity directly enables unauthorized inbox access, facilitating email collection (T1114).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
AC-19 establishes usage restrictions and configuration guidance for mobile devices, directly preventing unauthorized external app access to sensitive activities like the improperly exported Gmail inbox launcher.
CM-6 mandates secure configuration settings for system components, addressing the improper export of Android Activities in the Gmail app manifest.
CM-7 enforces least functionality by prohibiting unnecessary exposed components, mitigating the risk of exported Activities providing direct inbox access.