CVE-2025-48572

7.8

HIGH CVSS 3.1

Android Framework Privilege Escalation Vulnerability - [Actively Exploited]

Description

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

INFO

Published Date :

Dec. 8, 2025, 5:16 p.m.

Last Modified :

Dec. 9, 2025, 5:19 p.m.

Remotely Exploit :

No

Source :

[email protected]

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: Dec 23, 2025 | 11 days left

Alert Date: Dec 02, 2025 | 9 days ago

Description :

Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48572

Affected Products

The following products are affected by CVE-2025-48572 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Google	android

: Total Affected Vendor : 1 | Products : 1

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	HIGH				134c704f-9b21-4f2e-91b3-4a467353bcc0

Solution

Address permission bypass vulnerabilities to prevent unauthorized activity launches.

Review and enforce activity launch permissions.
Restrict background activity launching.
Update the application to fix the bypass.

Public PoC/Exploit Available at Github

CVE-2025-48572 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-48572.

URL	Resource
https://android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192	Product
https://source.android.com/security/bulletin/2025-12-01	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48572	Third Party Advisory US Government Resource

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-48572 is associated with the following CWEs:

CWE-306: Missing Authentication for Critical Function

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-48572 weaknesses.

CAPEC-12: Choosing Message Identifier Choosing Message Identifier CAPEC-36: Using Unpublished Interfaces or Functionality Using Unpublished Interfaces or Functionality CAPEC-62: Cross Site Request Forgery Cross Site Request Forgery CAPEC-166: Force the System to Reset Values Force the System to Reset Values CAPEC-216: Communication Channel Manipulation Communication Channel Manipulation

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Ashwesker/Blackash-CVE-2025-48633

CVE-2025-48633

Updated: 2 days, 7 hours ago

3 stars 0 fork 0 watcher

Born at : Dec. 2, 2025, 9:35 a.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-48572 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-48572 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected]

Dec. 09, 2025

Action	Type	New Value
Added	CPE Configuration	OR cpe:2.3:o:google:android:13.0::::::: cpe:2.3:o:google:android:14.0::::::: cpe:2.3:o:google:android:15.0::::::: cpe:2.3:o:google:android:16.0:::::::
Added	Reference Type	Android (associated with Google Inc. or Open Handset Alliance): https://android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192 Types: Product
Added	Reference Type	Android (associated with Google Inc. or Open Handset Alliance): https://source.android.com/security/bulletin/2025-12-01 Types: Vendor Advisory
Added	Reference Type	CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48572 Types: Third Party Advisory, US Government Resource

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Dec. 08, 2025

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CWE	CWE-306
Added	Reference	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48572

New CVE Received by [email protected]

Dec. 08, 2025

Action	Type	New Value
Added	Description	In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Added	Reference	https://android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192
Added	Reference	https://source.android.com/security/bulletin/2025-12-01

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

Browse by Apps

CVE-2025-48572

Android Framework Privilege Escalation Vulnerability - [Actively Exploited]

Description

INFO

Dec. 8, 2025, 5:16 p.m.

Dec. 9, 2025, 5:19 p.m.

No

[email protected]

CISA KEV (Known Exploited Vulnerabilities)

Affected Products

CVSS Scores

Solution

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Ashwesker/Blackash-CVE-2025-48633

Initial Analysis by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

New CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 7.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable