CVE-2025-0082
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-09-02
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 12.0 | |
| android | 12.1 | |
| android | 13.0 | |
| android | 15.0 | |
| android | 14.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-610 | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in multiple functions of StatusHint.java and TelecomServiceImpl.java, where a confused deputy issue allows images to be revealed across users. Essentially, it means that due to improper handling of permissions or authority, one user might be able to access images belonging to another user. Exploiting this requires user interaction and does not need any additional execution privileges.
How can this vulnerability impact me? :
The vulnerability can lead to local information disclosure, meaning sensitive images could be exposed to unauthorized users on the same device. This could compromise user privacy by revealing personal or confidential images without needing elevated privileges.