CVE-2025-48549
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 15.0 | |
| android | 14.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to secretly record audio through a background app, potentially capturing sensitive conversations or information without the user's knowledge or consent.
Can you explain this vulnerability to me?
This vulnerability allows a background app to record audio without proper permission checks. It occurs in multiple locations within the system, enabling the app to escalate privileges locally without needing any additional execution privileges or user interaction.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70