CVE-2025-32328
- EPSS 0.09%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:52:38
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges neede...
CVE-2025-32329
- EPSS 0.09%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:52:13
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges neede...
CVE-2025-48525
- EPSS 0.09%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:51:41
In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no...
CVE-2025-48536
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:44:23
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privi...
CVE-2025-48555
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:43:05
In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
- EPSS 0.07%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:42:25
In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48565
- EPSS 0.09%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:41:39
In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
CVE-2025-48566
- EPSS 0.09%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 10.12.2025 13:22:24
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ...
CVE-2025-32319
- EPSS 0.08%
- Veröffentlicht 08.12.2025 17:16:13
- Zuletzt bearbeitet 09.12.2025 21:54:42
In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interacti...
CVE-2025-22420
- EPSS 0.07%
- Veröffentlicht 08.12.2025 17:16:12
- Zuletzt bearbeitet 10.12.2025 13:23:16
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl...