CVE-2025-48556
published 2025-09-04CVE-2025-48556: In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to…
high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — |
Android
CVE-2025-48556: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48556
Severity: HIGH
Type: EoP
Affected AOSP versions: 15, 16
References: A-419014146
vendor_android·2025-09-01·CVSS 7.3
CVE-2025-48556 [HIGH] CVE-2025-48556: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48556
Severity: HIGH
Type: EoP
Affected AOSP versions: 15, 16
References: A-419014146
Android Security Bulletin 2025-09-01
CVE: CVE-2025-48556
Severity: HIGH
Type: EoP
Affected AOSP versions: 15, 16
References: A-419014146
GHSA
GHSA-xvmj-869f-jx24: In multiple methods of NotificationChannel
ghsa_unreviewed·2025-09-04
CVE-2025-48556 [HIGH] CWE-20 GHSA-xvmj-869f-jx24: In multiple methods of NotificationChannel
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-04
Published