CVE-2025-48576
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-10

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2025-12-10
Generated
2026-05-07
AI Q&A
2025-12-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-48576
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
android notification_manager_service 3.1
google android 13.0
google android 14.0
google android 15.0
google android 16.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the updateNotificationChannelGroupFromPrivilegedListener function of NotificationManagerService.java, where it can cause a permanent denial of service due to resource exhaustion. It allows an attacker to cause a local denial of service without needing any additional execution privileges or user interaction.


How can this vulnerability impact me? :

The vulnerability can impact you by causing a local denial of service on the affected system, potentially making the notification service unavailable or unresponsive due to resource exhaustion. This disruption does not require any special privileges or user interaction to be exploited.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart