CVE-2025-52926: 
Rust vulnerability analysis and mitigation

CVE-2025-52926 is a security vulnerability discovered in spytrap-adb versions before 0.3.5, disclosed on June 21, 2025. The vulnerability affects the scan.rs component where matches for known stalkerware are not rendered in the interactive user interface. The vulnerability has been assigned a CVSS 3.1 base score of 2.7 (LOW) (NVD, Wiz).

The vulnerability is classified as CWE-223 (Omission of Security-relevant Information). The issue occurs in the scan.rs component where stalkerware detection results are logged but not properly passed to the Terminal User Interface (TUI). The CVSS vector string is CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N, indicating local access required, high attack complexity, and low impact (NVD, Ubuntu).

The vulnerability results in stalkerware detection results being omitted from the interactive user interface, potentially leaving users unaware of identified stalkerware threats on their systems. This is particularly concerning as the TUI is the primary interface used by most users of the tool (GitHub Release).

The vulnerability has been fixed in spytrap-adb version 0.3.5. Users are advised to upgrade to this version or later to ensure proper display of stalkerware detection results in the TUI. The fix involves properly passing stalkerware detection results to the user interface (GitHub Release).

The project maintainers acknowledged the severity of the issue, with one maintainer describing it as "pretty bad" and expressing gratitude for its discovery. The fix was treated as urgent due to the TUI being the primary interface for most users (GitHub PR).