CVE-2025-48609
Path Traversal in MmsProvider.java Causes Local DoS
Publication date: 2026-03-02
Last updated on: 2026-03-06
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in multiple functions of the MmsProvider.java file, where a path traversal error allows an attacker to arbitrarily delete files.
The affected files are related to telephony, SMS, and MMS functionalities.
Exploitation does not require any additional execution privileges or user interaction.
How can this vulnerability impact me? :
This vulnerability can lead to a local denial of service by deleting important files related to telephony, SMS, and MMS functionalities.
Since no additional privileges or user interaction are needed, an attacker could exploit this vulnerability to disrupt communication services on the affected device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know