CVE-2025-8192
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-07-31
Assigner: Google Inc.
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Time-Of-Check to Time-Of-Use (TOCTOU) race condition in AppRestrictionsFragment.java of TvSettings. An attacker can use the time window between the security check of an Intent and its actual use to change the state of the target component. The change invalidates the original security sanitization, so an activity supplied by the attacker is started within the system-uid context, effectively allowing them to launch any activity anywhere.
How can this vulnerability impact me?
An attacker can launch attacker-controlled activities in the system context, that is, with system-level privileges. This can lead to unauthorized actions and privilege escalation, and can potentially compromise the security and integrity of the affected system.