CVE-2025-48618
published 2025-12-08CVE-2025-48618: In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to…
medium6.8CVSS 3.1
AVPACLPRNUINSUCHIHAH
In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_opt_telephony | >= 13:0 < 13:2025-12-01 | 13:2025-12-01 |
| platform | frameworks_opt_telephony | >= 14:0 < 14:2025-12-01 | 14:2025-12-01 |
| platform | frameworks_opt_telephony | >= 15:0 < 15:2025-12-01 | 15:2025-12-01 |
| platform | frameworks_opt_telephony | >= 16-qpr2-next:0 < 16-qpr2-next:2025-12-01 | 16-qpr2-next:2025-12-01 |
| platform | frameworks_opt_telephony | >= 16:0 < 16:2025-12-01 | 16:2025-12-01 |