CVE-2025-48584
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 08.12.2025 21:15:54
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User in...
CVE-2025-48583
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 08.12.2025 22:15:52
In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee...
CVE-2025-48580
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 08.12.2025 22:15:52
In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg...
CVE-2025-48576
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 08.12.2025 21:15:52
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges...
CVE-2025-48575
- EPSS 0%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 13:25:45
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed ...
CVE-2025-48573
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 10.12.2025 13:24:07
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privil...
CVE-2025-48572
- EPSS 0.75%
- Veröffentlicht 08.12.2025 17:16:15
- Zuletzt bearbeitet 09.12.2025 17:19:47
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
CVE-2025-48566
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 10.12.2025 13:22:24
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ...
CVE-2025-48565
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:41:39
In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
- EPSS 0.01%
- Veröffentlicht 08.12.2025 17:16:14
- Zuletzt bearbeitet 09.12.2025 21:42:25
In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.