CVE-2025-48522
published 2025-09-04CVE-2025-48522: In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 13:0 < 13:2025-09-01 | 13:2025-09-01 |
| platform | frameworks_base | >= 14:0 < 14:2025-09-01 | 14:2025-09-01 |
| platform | frameworks_base | >= 15:0 < 15:2025-09-01 | 15:2025-09-01 |
| platform | frameworks_base | >= 16-next:0 < 16-next:2025-09-01 | 16-next:2025-09-01 |
| platform | frameworks_base | >= 16:0 < 16:2025-09-01 | 16:2025-09-01 |
Android
CVE-2025-48522: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48522
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-418773283
vendor_android·2025-09-01·CVSS 7.8
CVE-2025-48522 [HIGH] CVE-2025-48522: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48522
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-418773283
Android Security Bulletin 2025-09-01
CVE: CVE-2025-48522
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-418773283
GHSA
GHSA-87v6-8c5r-wh3w: In setDisplayName of AssociationRequest
ghsa_unreviewed·2025-09-04
CVE-2025-48522 [HIGH] CWE-693 GHSA-87v6-8c5r-wh3w: In setDisplayName of AssociationRequest
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2025-48522: In setDisplayName of AssociationRequest
osv·2025-09-01
CVE-2025-48522 CVE-2025-48522: In setDisplayName of AssociationRequest
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-04
Published