CVE-2025-48538
published 2025-09-04CVE-2025-48538: In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — |
Android
CVE-2025-48538: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48538
Severity: HIGH
Type: DoS
Affected AOSP versions: 13, 14, 15, 16
References: A-328182084
vendor_android·2025-09-01·CVSS 5.5
CVE-2025-48538 [MEDIUM] CVE-2025-48538: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48538
Severity: HIGH
Type: DoS
Affected AOSP versions: 13, 14, 15, 16
References: A-328182084
Android Security Bulletin 2025-09-01
CVE: CVE-2025-48538
Severity: HIGH
Type: DoS
Affected AOSP versions: 13, 14, 15, 16
References: A-328182084
GHSA
GHSA-2qmf-q38x-5h24: In setApplicationHiddenSettingAsUser of PackageManagerService
ghsa_unreviewed·2025-09-04
CVE-2025-48538 [MEDIUM] CWE-20 GHSA-2qmf-q38x-5h24: In setApplicationHiddenSettingAsUser of PackageManagerService
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-04
Published