CVE-2025-22437
- EPSS 0.01%
- Published 02.09.2025 22:11:23
- Last modified 04.09.2025 16:37:56
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. Use...
CVE-2025-22435
- EPSS 0.03%
- Published 02.09.2025 22:11:22
- Last modified 04.09.2025 16:38:05
In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-22434
- EPSS 0.01%
- Published 02.09.2025 22:11:21
- Last modified 04.09.2025 16:38:14
In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee...
CVE-2025-22433
- EPSS 0.01%
- Published 02.09.2025 22:11:20
- Last modified 04.09.2025 16:38:21
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no addit...
CVE-2025-22431
- EPSS 0.01%
- Published 02.09.2025 22:11:19
- Last modified 04.09.2025 16:39:07
In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no addit...
CVE-2025-22430
- EPSS 0%
- Published 02.09.2025 22:11:18
- Last modified 04.09.2025 16:38:27
In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is ...
CVE-2025-22429
- EPSS 0.05%
- Published 02.09.2025 22:11:17
- Last modified 04.09.2025 16:39:18
In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2025-22428
- EPSS 0.01%
- Published 02.09.2025 22:11:16
- Last modified 04.09.2025 16:39:12
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no...
CVE-2025-22427
- EPSS 0.01%
- Published 02.09.2025 22:11:15
- Last modified 04.09.2025 16:39:24
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution pri...
CVE-2025-22423
- EPSS 0.15%
- Published 02.09.2025 22:11:14
- Last modified 04.09.2025 16:39:29
In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...