CVE-2025-48560 — Confused Deputy in Frameworks Base

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 15:0 < 15:2025-09-01	15:2025-09-01
platform	frameworks_base	>= 16-next:0 < 16-next:2025-09-01	16-next:2025-09-01
platform	frameworks_base	>= 16:0 < 16:2025-09-01	16:2025-09-01

GHSA

GHSA-84wh-q3jr-wrjx: In AndroidManifest

ghsa_unreviewed·2025-09-04

CVE-2025-48560 [MEDIUM] CWE-441 GHSA-84wh-q3jr-wrjx: In AndroidManifest In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-48560: In AndroidManifest

osv·2025-09-01

CVE-2025-48560 CVE-2025-48560: In AndroidManifest In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-48560: Android Security Bulletin 2025-09-01 CVE: CVE-2025-48560 Severity: HIGH Type: ID Affected AOSP versions: 15, 16 References: A-419110583

vendor_android·2025-09-01·CVSS 5.5

CVE-2025-48560 [MEDIUM] CVE-2025-48560: Android Security Bulletin 2025-09-01 CVE: CVE-2025-48560 Severity: HIGH Type: ID Affected AOSP versions: 15, 16 References: A-419110583 Android Security Bulletin 2025-09-01 CVE: CVE-2025-48560 Severity: HIGH Type: ID Affected AOSP versions: 15, 16 References: A-419110583

CVE-2025-48560: In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure…

Affected