Google Android vulnerabilities
9,713 known vulnerabilities affecting google/android.
Total CVEs: 9,713
CISA KEV: 49 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5220, MEDIUM 3343, LOW 265, UNKNOWN 2
Vulnerabilities
CVE-2025-48534 | HIGH | CVSS 8.8 | CWE-693 | v13.0, v14.0, +4 more | 2025-09-04
In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48563 | HIGH | CVSS 7.8 | CWE-453 | v13.0, v14.0, +6 more | 2025-09-04
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32346 | HIGH | CVSS 7.8 | CWE-441 | v16.0, v16 | 2025-09-04
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48537 | HIGH | CVSS 7.1 | CWE-20 | v13.0, v14.0, +6 more | 2025-09-04
In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32327 | HIGH | CVSS 7.8 | CWE-89 | v14.0, v15.0, +2 more | 2025-09-04
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26464 | HIGH | CVSS 7.8 | CWE-693 | v15.0, v15 | 2025-09-04
In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26462 | HIGH | CVSS 7.8 | CWE-269 | v13.0, v14.0, +4 more | 2025-09-04
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48545 | HIGH | CVSS 7.1 | CWE-441 | v13.0, v14.0, +6 more | 2025-09-04
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-36887 | HIGH | CVSS 7.8 | CWE-787 | Android kernel | 2025-09-04
In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-0089 | HIGH | CVSS 7.8 | CWE-693 | v13.0, v14.0, +4 more | 2025-09-04
In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48547 | HIGH | CVSS 7.3 | CWE-862 | v13.0, v14.0, +6 more | 2025-09-04
In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2025-32349 | HIGH | CVSS 7.8 | CWE-1021 | v13.0, v14.0, +6 more | 2025-09-04
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48533 | HIGH | CVSS 7.0 | CWE-362 | v13.0, v14.0, +6 more | 2025-09-04
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-32347 | HIGH | CVSS 7.8 | CWE-926 | v13.0, v14.0, +6 more | 2025-09-04
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2025-26439 | HIGH | CVSS 7.8 | CWE-693 | v14.0, v14 | 2025-09-04
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-32323 | HIGH | CVSS 7.8 | CWE-20 | v13.0, v14.0, +6 more | 2025-09-04
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-36907 | HIGH | CVSS 7.3 | CWE-122 | Android kernel | 2025-09-04
In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2025-26458 | HIGH | CVSS 7.8 | CWE-693 | v13.0, v14.0, +4 more | 2025-09-04
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48523 | HIGH | CVSS 7.8 | CWE-863 | v13.0, v14.0, +6 more | 2025-09-04
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-22441 | HIGH | CVSS 7.3 | CWE-441 | v13.0, v14.0, +4 more | 2025-09-04
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android