CVE-2025-48563
published 2025-09-04CVE-2025-48563: In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 13:0 < 13:2025-09-01 | 13:2025-09-01 |
| platform | frameworks_base | >= 14:0 < 14:2025-09-01 | 14:2025-09-01 |
| platform | frameworks_base | >= 15:0 < 15:2025-09-01 | 15:2025-09-01 |
| platform | frameworks_base | >= 16-next:0 < 16-next:2025-09-01 | 16-next:2025-09-01 |
| platform | frameworks_base | >= 16:0 < 16:2025-09-01 | 16:2025-09-01 |
GHSA
GHSA-ph86-jhc5-hxfw: In onNullBinding of RemoteFillService
ghsa_unreviewed·2025-09-04
CVE-2025-48563 [HIGH] CWE-453 GHSA-ph86-jhc5-hxfw: In onNullBinding of RemoteFillService
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2025-48563: In onNullBinding of RemoteFillService
osv·2025-09-01
CVE-2025-48563 CVE-2025-48563: In onNullBinding of RemoteFillService
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2025-48563: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48563
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-401545800
vendor_android·2025-09-01·CVSS 7.8
CVE-2025-48563 [HIGH] CVE-2025-48563: Android Security Bulletin 2025-09-01
CVE: CVE-2025-48563
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-401545800
Android Security Bulletin 2025-09-01
CVE: CVE-2025-48563
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15, 16
References: A-401545800
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-04
Published