CVE-2025-22420
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-10
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-441 | The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a confused deputy issue in multiple locations that can cause audio files to be leaked across different user profiles. It allows local escalation of privilege without needing any additional execution privileges or user interaction.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to audio files from other user profiles, potentially exposing sensitive audio data. It allows an attacker to escalate privileges locally without extra permissions or user interaction, increasing the risk of data leakage and unauthorized actions on the device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to improper permission checks on sound URIs during notification channel creation in Android. Detection would involve verifying whether notification channels are created with unauthorized sound URIs. There are no specific commands provided to detect this vulnerability on a system or network. However, reviewing logs or monitoring notification channel creation for unusual or unauthorized sound URI usage might help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Android system is updated with the security fix that enforces permission checks on sound URIs during notification channel creation. This fix causes the system to fall back to the default notification sound if the calling application lacks proper permissions, preventing unauthorized access. Applying the relevant security patches or updates from the Android platform frameworks base is the recommended immediate step. [1]