CVE-2025-22417 — UI Misrepresentation / Clickjacking

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 14:0 < 14:2025-04-01	14:2025-04-01
platform	frameworks_base	>= 15-next:0 < 15-next:2025-04-01	15-next:2025-04-01
platform	frameworks_base	>= 15:0 < 15:2025-04-01	15:2025-04-01

GHSA

GHSA-53hm-crm3-58qw: In finishTransition of Transition

ghsa_unreviewed·2025-09-03

CVE-2025-22417 GHSA-53hm-crm3-58qw: In finishTransition of Transition In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

OSV

CVE-2025-22417: In finishTransition of Transition

osv·2025-04-01

CVE-2025-22417 CVE-2025-22417: In finishTransition of Transition In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Android

CVE-2025-22417: Android Security Bulletin 2025-04-01 CVE: CVE-2025-22417 Severity: HIGH Type: EoP Affected AOSP versions: 14, 15 References: A-332277530

vendor_android·2025-04-01·CVSS 7.3

CVE-2025-22417 [HIGH] CVE-2025-22417: Android Security Bulletin 2025-04-01 CVE: CVE-2025-22417 Severity: HIGH Type: EoP Affected AOSP versions: 14, 15 References: A-332277530 Android Security Bulletin 2025-04-01 CVE: CVE-2025-22417 Severity: HIGH Type: EoP Affected AOSP versions: 14, 15 References: A-332277530

CVE-2025-22417: In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to…

Affected