CVE-2025-48561: In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local…

CVE-2025-48561 [MEDIUM] CWE-203 GHSA-r9mm-fg76-g89p: In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48561 [MEDIUM] New Android Pixnapping attack steals MFA codes pixel-by-pixel ## New Android Pixnapping attack steals MFA codes pixel-by-pixel ## Bill Toulas Google attempted to fix the problem ( CVE-2025-48561 ) in the September Android update . However, researchers were able to bypass the mitigation and an effective solution is expected in the December 2025 Android security update. ## How Pixnapping works The attack starts with a malicious app abusing Android’s intents system to launch the target app or webpage, so its window is submitted to the system’s composition process (SurfaceFlinger), which is responsible for combining multiple windows when they are visible at the same time. In the next step, the malicious app maps the target pixels (for instance, the pixels forming the digit of a 2FA code) and determines through multiple graphical operations if they a