CVE-2025-48598
- EPSS 0.1%
- Veröffentlicht 08.12.2025 17:16:16
- Zuletzt bearbeitet 08.12.2025 19:44:15
In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not need...
CVE-2025-48572
- EPSS 0.23%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 02:00:02
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
CVE-2025-48573
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 13:24:07
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privil...
CVE-2025-48575
- EPSS 0.06%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 13:25:45
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed ...
CVE-2025-48576
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 19:33:05
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges...
CVE-2025-48580
- EPSS 0.12%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 19:41:17
In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg...
CVE-2025-48583
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 19:41:50
In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee...
CVE-2025-48584
- EPSS 0.09%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 19:43:07
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User in...
CVE-2025-48586
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 09.12.2025 21:40:41
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...
CVE-2025-48588
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 09.12.2025 21:40:04
In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex...