CVE-2025-0077
Published 2025-09-04
medium · 4 · CVSS 3.1
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 15-next:0 < 15-next:2025-05-01 | 15-next:2025-05-01 |
| platform | frameworks_base | >= 15:0 < 15:2025-05-01 | 15:2025-05-01 |
GHSA
GHSA-4ccf-fmqp-6crg: In multiple functions of UserController
ghsa_unreviewed·2025-09-04
CVE-2025-0077 [MEDIUM] CWE-1223 GHSA-4ccf-fmqp-6crg: In multiple functions of UserController
OSV
CVE-2025-0077: In multiple functions of UserController
osv·2025-05-01
Android
CVE-2025-0077: Android Security Bulletin 2025-05-01
CVE: CVE-2025-0077
Severity: HIGH
Type: EoP
Affected AOSP versions: 15
References: A-360838273
vendor_android·2025-05-01·CVSS 4.0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://android.googlesource.com/platform/frameworks/base/+/37a4df78c7e1b91066b341b05fb767f27c5da835
https://android.googlesource.com/platform/frameworks/base/+/3b04c948727c35e6ad429eefc6aaa9c261addf12
https://android.googlesource.com/platform/frameworks/base/+/5f59ac63cb7042d58dae196e890ec52424ebe8b5
https://android.googlesource.com/platform/frameworks/base/+/8c290a4d87c27a4ad65757e97ff9e634d9fe865e
https://android.googlesource.com/platform/frameworks/base/+/a09b6451c99f8aa99c49a0e584e12be455c414f4
https://android.googlesource.com/platform/frameworks/base/+/c059123b8e9c0920a30f896513116a8b88bfc4e1
https://source.android.com/security/bulletin/2025-05-01