CVE-2025-48594
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-11
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the onUidImportance function of DisassociationProcessor.java, where improper input validation allows an application to retain companion application privileges even after disassociation. This means that an app could keep elevated privileges it should have lost, potentially leading to local escalation of privilege without needing any additional execution privileges. Exploitation requires user interaction.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a local attacker to escalate their privileges on the device without needing extra execution privileges. This could lead to unauthorized access or control over certain application privileges that should have been revoked, potentially compromising device security.