Google Android vulnerabilities

7,234 known vulnerabilities affecting google/android.

Total CVEs: 7,234
CISA KEV: 18 (actively exploited)
Public exploits: 48
Exploited in wild: 18
Severity breakdown: CRITICAL 544, HIGH 2984, MEDIUM 3458, LOW 248

Vulnerabilities

Page 9 of 362
CVE-2025-48627 | HIGH | CVSS 7.8 | v13.0, v14.0, +2 more | 2025-12-08
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48596 | HIGH | CVSS 7.8 | CWE-125 | v13.0, v14.0, +6 more | 2025-12-08
In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-32328 | HIGH | CVSS 7.8 | v13.0, v14.0, +4 more | 2025-12-08
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48583 | HIGH | CVSS 7.8 | v14.0, v15.0, +4 more | 2025-12-08
In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48621 | HIGH | CVSS 7.3 | CWE-1188 | v13.0, v14.0, +6 more | 2025-12-08
In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to an insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48572 | HIGH | CVSS 7.8 | KEV | CWE-306 | v13.0, v14.0, +6 more | 2025-12-08
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-22420 | HIGH | CVSS 7.8 | CWE-441 | v13.0, v14.0, +6 more | 2025-12-08
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48639 | HIGH | CVSS 7.3 | CWE-1021 | v13.0, v14.0, +6 more | 2025-12-08
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48566 | HIGH | CVSS 7.8 | CWE-20 | v13.0, v14.0, +6 more | 2025-12-08
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48555 | HIGH | CVSS 7.8 | CWE-441 | v13.0, v14.0, +6 more | 2025-12-08
In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48575 | HIGH | CVSS 7.8 | CWE-862 | v13.0, v14.0, +6 more | 2025-12-08
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48637 | HIGH | CVSS 7.8 | CWE-190 | Android kernel | 2025-12-08
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48565 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-12-08
In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48606 | HIGH | CVSS 7.8 | v16.0, v16-qpr2 | 2025-12-08
In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48624 | HIGH | CVSS 7.8 | CWE-787 | Android kernel | 2025-12-08
In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48536 | HIGH | CVSS 7.8 | CWE-441 | v13.0, v14.0, +6 more | 2025-12-08
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48599 | HIGH | CVSS 7.8 | CWE-862 | v13.0, v14.0, +2 more | 2025-12-08
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48638 | HIGH | CVSS 7.8 | CWE-787 | Android kernel | 2025-12-08
In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48625 | HIGH | CVSS 7.0 | CWE-362 | v16.0, v16-qpr2 | 2025-12-08
In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48589 | HIGH | CVSS 7.8 | v13.0, v14.0, +6 more | 2025-12-08
In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grant permissions across user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd