CVE-2025-32312
Published 2025-09-04
High 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 13:0 < 13:2025-06-01 | 13:2025-06-01 |
| platform | frameworks_base | >= 14:0 < 14:2025-06-01 | 14:2025-06-01 |
| platform | frameworks_base | >= 15:0 < 15:2025-06-01 | 15:2025-06-01 |
| platform | frameworks_base | >= 16-next:0 < 16-next:2025-06-01 | 16-next:2025-06-01 |
GHSA
GHSA-2cvj-3458-7wc9: In createIntentsList of PackageParser
ghsa_unreviewed·2025-09-05
CVE-2025-32312 [HIGH] CWE-502 GHSA-2cvj-3458-7wc9: In createIntentsList of PackageParser
In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2025-32312: In createIntentsList of PackageParser
osv·2025-06-01
In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2025-32312: Android Security Bulletin 2025-06-01
CVE: CVE-2025-32312
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15
References: A-373467684
vendor_android·2025-06-01·CVSS 7.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.