CVE-2025-48595

Warnung

Medienbericht

EPSS 1.71%
Veröffentlicht 01.06.2026 21:14:49
Zuletzt bearbeitet 02.06.2026 20:19:29
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 9

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version14.0

Google ≫ Android Version15.0

Google ≫ Android Version16.0 Update-

Google ≫ Android Version16.0 Updateqpr2_beta_1

Google ≫ Android Version16.0 Updateqpr2_beta_2

Google ≫ Android Version16.0 Updateqpr2_beta_3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

02.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Framework Integer Overflow Vulnerability

Schwachstelle

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.71%	0.744

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

08.06.2026 16:25

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

05.06.2026 12:52

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

05.06.2026 12:51

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

05.06.2026 12:48

https://source.android.com/docs/security/bulletin/2026/2026-06-01

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48595

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2025-48595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48595

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-48595

02.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog