CVE-2025-22416 — Confused Deputy in Frameworks Base

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 13:0 < 13:2025-04-01	13:2025-04-01
platform	frameworks_base	>= 14:0 < 14:2025-04-01	14:2025-04-01
platform	frameworks_base	>= 15-next:0 < 15-next:2025-04-01	15-next:2025-04-01
platform	frameworks_base	>= 15:0 < 15:2025-04-01	15:2025-04-01

GHSA

GHSA-frq7-v2jm-qhwv: In onCreate of ChooserActivity

ghsa_unreviewed·2025-09-03

CVE-2025-22416 GHSA-frq7-v2jm-qhwv: In onCreate of ChooserActivity In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-22416: In onCreate of ChooserActivity

osv·2025-04-01

CVE-2025-22416 CVE-2025-22416: In onCreate of ChooserActivity In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-22416: Android Security Bulletin 2025-04-01 CVE: CVE-2025-22416 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14, 15 References: A-277207798

vendor_android·2025-04-01·CVSS 7.8

CVE-2025-22416 [HIGH] CVE-2025-22416: Android Security Bulletin 2025-04-01 CVE: CVE-2025-22416 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14, 15 References: A-277207798 Android Security Bulletin 2025-04-01 CVE: CVE-2025-22416 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14, 15 References: A-277207798

CVE-2025-22416: In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of…

Affected