CVE-2025-32346 — Confused Deputy

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
platform	packages_services_telephony	>= 16-next:0 < 16-next:2025-09-01	16-next:2025-09-01
platform	packages_services_telephony	>= 16:0 < 16:2025-09-01	16:2025-09-01

GHSA

GHSA-q3v2-p7qq-49mc: In onActivityResult of VoicemailSettingsActivity

ghsa_unreviewed·2025-09-04

CVE-2025-32346 [HIGH] CWE-441 GHSA-q3v2-p7qq-49mc: In onActivityResult of VoicemailSettingsActivity In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-32346: In onActivityResult of VoicemailSettingsActivity

osv·2025-09-01

CVE-2025-32346 CVE-2025-32346: In onActivityResult of VoicemailSettingsActivity In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-32346: Android Security Bulletin 2025-09-01 CVE: CVE-2025-32346 Severity: HIGH Type: EoP Affected AOSP versions: 16 References: A-337785563

vendor_android·2025-09-01·CVSS 7.8

CVE-2025-32346 [HIGH] CVE-2025-32346: Android Security Bulletin 2025-09-01 CVE: CVE-2025-32346 Severity: HIGH Type: EoP Affected AOSP versions: 16 References: A-337785563 Android Security Bulletin 2025-09-01 CVE: CVE-2025-32346 Severity: HIGH Type: EoP Affected AOSP versions: 16 References: A-337785563

CVE-2025-32346: In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local…

Affected