CVE-2025-48583
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-10
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in multiple functions of BaseBundle.java where a logic error allows the execution of arbitrary code. This means an attacker can run their own code on the affected system without needing any additional execution privileges or user interaction.
How can this vulnerability impact me? :
The vulnerability can lead to local escalation of privilege, allowing an attacker to gain higher-level access on the system than they normally would. This could compromise system security and potentially allow unauthorized actions or access to sensitive data.
What immediate steps should I take to mitigate this vulnerability?
Apply the security patch that includes the fix for CVE-2025-48583, which is available in the updated Android frameworks/base repository. The fix involves updating to versions that include the patch authored by John Wu, which introduces a destroy() method in the Parcel class to prevent use-after-free conditions. Ensure your device or system is updated to the latest security patch level that contains this fix. [2]