CVE-2025-48651

3 documents3 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 99.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedApr 6

Description

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Packages1 packages

CVEListV5google/androidAndroid SoC

🔴Vulnerability Details

2
GHSA
GHSA-9wq4-qr6w-vc44: StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-4672026-04-06
CVEList
CVE-2025-48651: In importWrappedKey of KMKeymasterApplet2026-04-06
CVE-2025-48651 (MEDIUM CVSS 5.5) | In importWrappedKey of KMKeymasterA | cvebase.io