CVE-2025-48619
Awaiting Analysis Awaiting Analysis - Queue
Logic Error in Android ContentProvider Allows Local Privilege Escalation

Publication date: 2026-03-02

Last updated on: 2026-03-06

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-48619
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
google android 14.0
google android 15.0
google android 16.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in multiple functions of ContentProvider.java where a logic error allows an app with only read-only access to truncate files. This means that even without write permissions, an app can shorten or cut off files due to the flawed code logic.

Exploitation does not require any additional execution privileges or user interaction, making it easier for malicious apps to misuse this flaw.

Impact Analysis

The vulnerability can lead to a local escalation of privilege, allowing an app with limited permissions to perform actions beyond its intended scope.

Specifically, an app with read-only access could truncate files, potentially causing data loss or corruption.

Since no user interaction or additional privileges are needed, this could be exploited silently, increasing the risk of unauthorized data manipulation.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48619. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart