cbcvebase.

Google Android vulnerabilities

9,713 known vulnerabilities affecting google/android.

Total CVEs: 9,713
CISA KEV: 49 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5220, MEDIUM 3343, LOW 265, UNKNOWN 2

Vulnerabilities

Page 20 of 486
CVE-2025-48535 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-09-04
CWE-502: In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48540 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-09-04
CWE-787: In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26452 | HIGH | CVSS 7.8 | v14.0, v15.0, +2 more | 2025-09-04
CWE-441: In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48530 | HIGH | CVSS 8.1 | v16.0, v16 | 2025-09-04
CWE-125: In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32321 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-09-04
CWE-441: In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48553 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-09-04
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48543 | HIGH | CVSS 8.8 | KEV | v13.0, v14.0, +6 more | 2025-09-04
CWE-416: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32322 | HIGH | CVSS 7.8 | v13.0, v14.0, +2 more | 2025-09-04
CWE-20: In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-32345 | HIGH | CVSS 7.8 | v15.0, v16.0, +2 more | 2025-09-04
CWE-269: In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48522 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-09-04
CWE-693: In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32333 | HIGH | CVSS 7.8 | v14.0, v14 | 2025-09-04
CWE-863: In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32331 | HIGH | CVSS 7.8 | v15.0, v16.0, +2 more | 2025-09-04
CWE-693: In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32325 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-09-04
CWE-122: In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48556 | HIGH | CVSS 7.3 | v15.0, v16.0, +2 more | 2025-09-04
CWE-20: In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2024-49714 | HIGH | CVSS 7.8 | v13.0, v14.0, +2 more | 2025-09-04
CWE-122: In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26450 | HIGH | CVSS 7.8 | v13.0, v14.0, +4 more | 2025-09-04
CWE-862: In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26455 | HIGH | CVSS 7.8 | v13.0, v14.0, +4 more | 2025-09-04
CWE-122: In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26444 | HIGH | CVSS 7.8 | v13.0, v14.0, +2 more | 2025-09-04
CWE-693: In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted
nvd, android
CVE-2025-36905 | HIGH | CVSS 7.8 | vAndroid kernel | 2025-09-04
CWE-693: In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-48541 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-09-04
CWE-20: In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android