CVE-2025-22432
published 2025-12-08CVE-2025-22432: In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | packages_services_telecomm | >= 13:0 < 13:2025-12-01 | 13:2025-12-01 |
| platform | packages_services_telecomm | >= 14:0 < 14:2025-12-01 | 14:2025-12-01 |
| platform | packages_services_telecomm | >= 15:0 < 15:2025-12-01 | 15:2025-12-01 |
| platform | packages_services_telecomm | >= 16-qpr2-next:0 < 16-qpr2-next:2025-12-01 | 16-qpr2-next:2025-12-01 |
| platform | packages_services_telecomm | >= 16:0 < 16:2025-12-01 | 16:2025-12-01 |