CVE-2025-0094 — Packages Apps Settings vulnerability

2 documents2 sources
Severity
—N/A
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Platform Packages Apps Settings
Timeline
PublishedFeb 1

Description

In onCreateOptionsMenu of UserSettings.java, there is a possible way to remove the work profile by opening a hidden activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Packages1 packages

▶Androidplatform/packages_apps_settings15-next:0 — 15-next:2025-02-01+5

🔴Vulnerability Details

1
OSV
CVE-2025-0094: In onCreateOptionsMenu of UserSettings↗2025-02-01
â–¶

📋Vendor Advisories

1
Android
CVE-2025-0094: Android Security Bulletin 2025-02-01 CVE: CVE-2025-0094 Severity: HIGH Type: EoP Affected AOSP versions: 12, 12L, 13, 14, 15 References: A-352542820↗2025-02-01
â–¶
CVE-2025-0094 — Packages Apps Settings vulnerability | cvebase