CVE-2025-48543
published 2025-09-04CVE-2025-48543: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local…
high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
KEV
CISA Known Exploited Vulnerabilitydue 2025-09-25
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | art | >= 13:0 < 13:2025-09-01 | 13:2025-09-01 |
| platform | art | >= 14:0 < 14:2025-09-01 | 14:2025-09-01 |
| platform | art | >= 15:0 < 15:2025-09-01 | 15:2025-09-01 |
| platform | art | >= 16-next:0 < 16-next:2025-09-01 | 16-next:2025-09-01 |
| platform | art | >= 16:0 < 16:2025-09-01 | 16:2025-09-01 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vulncheck8.8HIGH
cisa8.8HIGH
GHSA
GHSA-98cr-q848-h9x3: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free
ghsa_unreviewed·2025-09-04
CVE-2025-48543 [HIGH] CWE-416 GHSA-98cr-q848-h9x3: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2025-48543: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free
osv·2025-09-01
CVE-2025-48543 CVE-2025-48543: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
VulnCheck
Android Runtime Use-After-Free Vulnerability
vulncheck·2025·CVSS 8.8
CVE-2025-48543 [HIGH] Android Runtime Use-After-Free Vulnerability
Android Runtime Use-After-Free Vulnerability
Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.
Affected: Android Runtime
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://source.android.com/docs/security/bulletin/2025-09-01; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.rapid7.com/cdn/assets/bltbd2f1cd70f9e3e7f/691360b9c91291146f1a5308/threat-landscape-report-q3-2025.pdf; https://www.loginsoft.co
CISA
Android Runtime Use-After-Free Vulnerability
cisa·2025-09-04·CVSS 8.8
CVE-2025-48543 [HIGH] Android Runtime Use-After-Free Vulnerability
Vulnerability: Android Runtime Use-After-Free Vulnerability
Affected: Android Runtime
Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://source.android.com/docs/security/bulletin/2025-09-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48543
Remediation Due Date: 2025-09-25
Android
CVE-2025-48543: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48543
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-421834866
vendor_android·2025-09-01·CVSS 8.8
CVE-2025-48543 [HIGH] CVE-2025-48543: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48543
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-421834866
Android Security Bulletin 2025-09-01
CVE: CVE-2025-48543
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-421834866
No detection rules found.
No public exploits indexed.
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review
blogs_mandiant·2026-03-05
Look What You Made Us Patch: 2025 Zero-Days in Review
Threat Intelligence
# Look What You Made Us Patch: 2025 Zero-Days in Review
March 5, 2026
##### Google Threat Intelligence Group
##### Google Threat Intelligence
Visibility and context on the threats that matter most.
Contact Us & Get a Demo
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan
### Executive Summary
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels.
In 2025, we continued to observe the structural shift, first
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review
blogs_mandiant·2026-03-05
Look What You Made Us Patch: 2025 Zero-Days in Review
## Look What You Made Us Patch: 2025 Zero-Days in Review
## Google Threat Intelligence Group
## Google Threat Intelligence
Visibility and context on the threats that matter most.
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan
## Executive Summary
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels.
In 2025, we continued to observe the structural shift, first identified in 2024, toward increased enterprise exploitation. Both
Mandiant
Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Intellexa’s Prolific Zero-Day Exploits Continue
Threat Intelligence
# Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
December 3, 2025
##### Google Threat Intelligence Group
##### Google Threat Intelligence
Visibility and context on the threats that matter most.
Contact Us & Get a Demo
### Introduction
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving.
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside
Mandiant
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Google Threat Intelligence Group
## Google Threat Intelligence
Visibility and context on the threats that matter most.
## Introduction
Despite extensive scrutiny and public reporting , commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government . New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving .
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside research published by our colleagues from Recorded Future and Amne
Krebs
Microsoft Patch Tuesday, September 2025 Edition
blogs_krebs·2025-09-09·CVSS 8.8
[HIGH] Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.
Microsoft assigns security flaws a “critical” rating when malware or miscreants can exploit them to gain remote access to a Windows system with little or no help from users. Among the more concerning critical bugs quashed this month is CVE-2025-54918 . The problem here resides with Windows NTLM , or NT LAN Manager, a suite of code for managing authentication in a
Krebs
Microsoft Patch Tuesday, September 2025 Edition
blogs_krebs·2025-09-09·CVSS 8.8
[HIGH] Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.
Microsoft assigns security flaws a “critical” rating when malware or miscreants can exploit them to gain remote access to a Windows system with little or no help from users. Among the more concerning critical bugs quashed this month is CVE-2025-54918. The problem here resides with Windows NTLM, or NT LAN Manager, a suite of code for managing authentication in a Wi
Recorded Future
September 2025 CVE Landscape
blogs_recorded_future·CVSS 7.2
[HIGH] September 2025 CVE Landscape
# September 2025 CVE Landscape
In September 2025, Recorded Future’s Insikt Group® identified sixteen high-impact vulnerabilities that should be prioritized for remediation. This represents a decrease from the eighteen identified in August, with the number of Very Critical vulnerabilities also decreasing (11) month over month.
These vulnerabilities have affected the following vendors: Sudo, Libraesva, Fortra, Cisco, Adminer, Google, Dassault Systèmes, Linux, Android, Sitecore, TP-Link, and Meta Platforms.
September was dominated by flaws in Cisco and TP-Link, which together represented six of the sixteen vulnerabilities. Cisco’s IOS, IOS XE, and Secure Firewall products were affected by flaws, including stack-based and classic buffer overflows (CWE-121, CWE-120) and missing authorization
2025-09-04
Published
2025-09-04
Added to CISA KEV