CVE-2025-48546 - Android SafeActivityOptions Local Privilege Escalation
CVE ID : CVE-2025-48546
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48546
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48547 - "Apache Elevation of Privilege Vulnerability"
CVE ID : CVE-2025-48547
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48547
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48548 - Android AppOpsControllerImpl Audio Recording Privilege Escalation
CVE ID : CVE-2025-48548
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48548
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48549 - "Google Pixel Audio Privilege Escalation Vulnerability"
CVE ID : CVE-2025-48549
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48549
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48550 - Apache Slice Permanent Denial of Service Vulnerability
CVE ID : CVE-2025-48550
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48550
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48551 - Android Confused Deputy Image Leak
CVE ID : CVE-2025-48551
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48551
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48552 - Android DevicePolicyManager Service Local Privilege Escalation
CVE ID : CVE-2025-48552
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48552
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48553 - "Samsung DevicePolicyManagerService Local Privilege Escalation"
CVE ID : CVE-2025-48553
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48553
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48554 - Android DevicePolicyManagerService Persistent DoS Vulnerability
CVE ID : CVE-2025-48554
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48554
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48556 - Android NotificationChannel Deserialization Privilege Escalation
CVE ID : CVE-2025-48556
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48556
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48558 - Android BatteryService Implicit Intent Hijacking
CVE ID : CVE-2025-48558
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48558
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48559 - Android AppOpsService Local Denial of Service
CVE ID : CVE-2025-48559
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48559
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48560 - Android App Motion Event Confused Deputy Information Disclosure
CVE ID : CVE-2025-48560
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48560
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48561 - HP Printer Side Channel Information Disclosure
CVE ID : CVE-2025-48561
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48561
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48562 - Apache RemotePrintDocument Java Information Disclosure Vulnerability
CVE ID : CVE-2025-48562
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48562
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48563 - Google Android Remote Fill Service Null Binding Privilege Escalation
CVE ID : CVE-2025-48563
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48563
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48581 - Apache Apex Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-48581
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48581
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-40664 - Samsung Android AccessibilityService Denial of Service Vulnerability
CVE ID : CVE-2024-40664
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-40664
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49731 - Google Pixel Watch Local Privilege Escalation
CVE ID : CVE-2024-49731
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49731
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22414 - FrpBypassAlertActivity Local Privilege Escalation
CVE ID : CVE-2025-22414
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22414
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22415 - Android RCE: Android System Activity Launcher
CVE ID : CVE-2025-22415
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22415
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...