TextNow 2ndLine Application Unintended Call Placement Vulnerability

Vulnerability

A vulnerability in the TextNow 2ndLine application for Android, specifically in version 24.17.1.0, allows any installed application to make phone calls without user interaction. This is achieved by sending a crafted intent to the exported DialerActivity component. The vulnerability does not require any special permissions, enabling unauthorized call placement from other apps.

Impact

Exploitation of this vulnerability allows for unauthorized phone calls to be made from the affected device, without the user's consent or knowledge.

Added: Jul 21, 2025, 3:59 PM

Updated: Jul 21, 2025, 3:59 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.7

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.7

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TextNow 2ndLine Application Unintended Call Placement Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating