216.73.216.67

CVE-2025-48594

· Published 08/12/2025 17:16 · Modified 11/12/2025 15:15

Labels: CVE-2025-48594 2025-12-08CVE-2025-48594CWE-20NVD-CWE-noinfo[email protected]

Essential information

Published
08/12/2025 17:16
Modified
11/12/2025 15:15
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / android cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
google / android cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
google / android cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*

References