CVE-2025-22425 — Incorrect Default Permissions

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 13:0 < 13:2025-05-01	13:2025-05-01
platform	frameworks_base	>= 14:0 < 14:2025-05-01	14:2025-05-01
platform	frameworks_base	>= 15-next:0 < 15-next:2025-05-01	15-next:2025-05-01

Android

CVE-2025-22425: Android Security Bulletin 2025-05-01 CVE: CVE-2025-22425 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14 References: A-364604008 [2]

vendor_android·2025-05-01·CVSS 5.1

CVE-2025-22425 [MEDIUM] CVE-2025-22425: Android Security Bulletin 2025-05-01 CVE: CVE-2025-22425 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14 References: A-364604008 [2] Android Security Bulletin 2025-05-01 CVE: CVE-2025-22425 Severity: HIGH Type: EoP Affected AOSP versions: 13, 14 References: A-364604008 [2]

GHSA

GHSA-2h4r-wqvw-g722: In onCreate of InstallStart

ghsa_unreviewed·2025-09-04

CVE-2025-22425 [MEDIUM] CWE-276 GHSA-2h4r-wqvw-g722: In onCreate of InstallStart In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

OSV

CVE-2025-22425: In onCreate of InstallStart

osv·2025-05-01

CVE-2025-22425 CVE-2025-22425: In onCreate of InstallStart In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-22425: In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege…

Affected