CVE-2025-2667 - IBM Sterling B2B Integrator information disclosure
CVE ID : CVE-2025-2667
Published : Sept. 4, 2025, 2:45 p.m. | 20 minutes ago
Description : IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2667
Published : Sept. 4, 2025, 2:45 p.m. | 20 minutes ago
Description : IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48538 - Android PackageManagerService Local Denial of Service Vulnerability
CVE ID : CVE-2025-48538
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48538
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48539 - Google SendPacketToPeer Use After Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-48539
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48539
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48540 - Apache Rpc Local Privilege Escalation
CVE ID : CVE-2025-48540
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48540
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48541 - Android FaceSettings Biometric Unlock Privilege Escalation
CVE ID : CVE-2025-48541
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48541
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48542 - Android AccountManagerService Resource Exhaustion Denial of Service
CVE ID : CVE-2025-48542
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48542
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48543 - Google Chrome Android Use After Free Sandbox Escalation
CVE ID : CVE-2025-48543
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48543
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48544 - Android Device SQL Injection Local Privilege Escalation
CVE ID : CVE-2025-48544
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48544
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48545 - Android AccountManagerService Confused Deputy Local Privilege Escalation
CVE ID : CVE-2025-48545
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48545
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48546 - Android SafeActivityOptions Local Privilege Escalation
CVE ID : CVE-2025-48546
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48546
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48547 - "Apache Elevation of Privilege Vulnerability"
CVE ID : CVE-2025-48547
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48547
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48548 - Android AppOpsControllerImpl Audio Recording Privilege Escalation
CVE ID : CVE-2025-48548
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48548
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48549 - "Google Pixel Audio Privilege Escalation Vulnerability"
CVE ID : CVE-2025-48549
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48549
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48550 - Apache Slice Permanent Denial of Service Vulnerability
CVE ID : CVE-2025-48550
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48550
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48551 - Android Confused Deputy Image Leak
CVE ID : CVE-2025-48551
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48551
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48552 - Android DevicePolicyManager Service Local Privilege Escalation
CVE ID : CVE-2025-48552
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48552
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48553 - "Samsung DevicePolicyManagerService Local Privilege Escalation"
CVE ID : CVE-2025-48553
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48553
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48554 - Android DevicePolicyManagerService Persistent DoS Vulnerability
CVE ID : CVE-2025-48554
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48554
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48556 - Android NotificationChannel Deserialization Privilege Escalation
CVE ID : CVE-2025-48556
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48556
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48558 - Android BatteryService Implicit Intent Hijacking
CVE ID : CVE-2025-48558
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48558
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48559 - Android AppOpsService Local Denial of Service
CVE ID : CVE-2025-48559
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48559
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...