CVE-2025-52926: spytrap-adb Omission of Security-relevant Information

CVSS Score (3.1): 2.7

Basic Information

EPSS Score: 0.02143%
Published: 6/23/2025
Updated: 6/23/2025
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Package Name: spytrap-adb
Ecosystem: rust
Vulnerable Versions: < 0.3.5
First Patched Version: 0.3.5

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability is a failure to display critical security information to the user. The fix commit 277cec542466b75cf5a8c532581243fd4b7b9713 modifies the scan::run function in src/scan.rs: the patch adds a call to report.app(...), which passes the detected stalkerware information to the user interface. Before this change, the application detected the stalkerware and logged it, but the finding never appeared in the interactive UI, so the user remained unaware of it. scan::run is therefore the location of the vulnerability, since it was responsible for communicating these findings. A runtime profile taken while the issue occurs would show scan::run executing without triggering the UI update.


WAF Protection Rules

WAF Rule

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface.
