GeniusTools Color Phone Call Screen Theme Unintended Outgoing Call Vulnerability

Vulnerability

Version 21.1.9 of the Color Phone: Call Screen Theme application for Android contains a vulnerability that allows any app to make phone calls without user interaction. An app triggers it by sending a crafted intent to the exported DialerActivity component, which bypasses the normal permission requirements.

Impact

Exploitation of this vulnerability enables unauthorized applications to place phone calls on behalf of the user, without their consent or knowledge.

Reproduction

The vulnerability can be reproduced by sending a crafted intent to the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. This can be done from any application installed on the device, as no special permissions are required.
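A defender-side check for the exposure described above, as an added example that is not part of the original advisory or the vendor's code: it audits a decoded AndroidManifest.xml for exported components that no permission protects. The manifest is a constructed sample; only the DialerActivity class name comes from the advisory, and the CALL_PHONE declaration, package name and other activities are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest, not extracted from the real APK. Only the
# DialerActivity class name is taken from the advisory; the package name,
# the CALL_PHONE declaration and the other activities are assumptions.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <activity android:exported="true"
        android:name="com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity"/>
    <activity android:name=".LegacyActivity">
      <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <activity android:name=".GuardedActivity" android:exported="true"
        android:permission="com.example.constructed.permission.INTERNAL"/>
  </application>
</manifest>
"""

def is_exported(component):
    """Explicit android:exported wins; if absent, an intent filter implied export before Android 12."""
    value = component.get(ANDROID_NS + "exported")
    if value is not None:
        return value.strip().lower() == "true"
    return component.find("intent-filter") is not None

def unguarded_exported_components(manifest_xml):
    """Return (tag, name) for each exported component with no permission guarding it."""
    app = ET.fromstring(manifest_xml).find("application")
    app_permission = app.get(ANDROID_NS + "permission")  # default for all components
    findings = []
    for comp in app:
        if comp.tag in COMPONENT_TAGS and is_exported(comp):
            if not (comp.get(ANDROID_NS + "permission") or app_permission):
                findings.append((comp.tag, comp.get(ANDROID_NS + "name")))
    return findings

def requests_permission(manifest_xml, permission):
    """True if the manifest declares <uses-permission> for the given permission name."""
    root = ET.fromstring(manifest_xml)
    return any(p.get(ANDROID_NS + "name") == permission for p in root.iter("uses-permission"))
```

An app that requests CALL_PHONE and also has findings from `unguarded_exported_components` deserves a manual review of what each flagged component does with incoming intents. Launcher entry points must be exported, so expect them among the findings.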

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.