CVE-2025-48530

Published Sep 4, 2025

Last updated 8 months ago

CVSS high 8.1
System
Mobile device

Overview

Description: In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: security@android.com
NVD status: Analyzed
Products: android

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-125

Social media

Hype score
Not currently trending
  1. Vulnerability Alert — CVE-2025-48530 Google patched a high-severity buffer overflow in an unsafe Rust AVIF parser. It never reached production and was mitigated by Scudo, but it underscores that Rust still requires defense-in-depth as memory-safety bugs in Android fall below 2

    @CloneSystemsInc

    17 Nov 2025

    49 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Android hits a major milestone: Memory-safety bugs drop below 20% as Rust adoption accelerates. • 1000× lower bug density vs C/C++ • Faster reviews, fewer rollbacks • Rust expanding to kernel, firmware & key apps • Recent CVE-2025-48530 caught early + blocked by Scud

    @TechNadu

    17 Nov 2025

    64 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #Android #VulnerabilityReport Android Security Update: Critical RCE Flaw (CVE-2025-48530) in System Component Patched https://t.co/FWJEoPLGbG

    @Komodosec

    10 Sept 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CRITICAL: CVE-2025-48530 enables remote code execution on Android 16—no user action needed. Scan, monitor, and mitigate ASAP! https://t.co/AaxV4yxSBg #OffSeq #Android #Cybersecurity https://t.co/vVf8MdfY9I

    @offseq

    5 Sept 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-48530 In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combin… https://t.co/cd8XIeu3L3

    @CVEnew

    4 Sept 2025

    297 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

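  6. Pixel monthly update: RCE vulnerability (CVE-2025-48530) fixed. The August 2025 security update for Google Pixel fixes a critical vulnerability that could lead to remote code execution. Immediate updating is recommended for all Pixel devices https://t.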

    @shampoo_101_

    10 Aug 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Urgent alert for Android users: this is not a drill! Google has just released a “critical” security patch to close six serious security vulnerabilities in Android. Among these vulnerabilities, a vulnerability

    @osaimy

    8 Aug 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ⚠️Android security updates ❗CVE-2025-48530 ❗CVE-2025-22441 ❗CVE-2025-48533 ➡️More info: https://t.co/nI57olOEUm https://t.co/ia1vLeaMP1

    @CERTpy

    8 Aug 2025

    94 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  9. 🚨 Android Alert – August 2025 🔥 Critical flaw in Android 16 (CVE-2025-48530) 🎯 Enables hackers to run code remotely – no clicks needed Pixel users get patched first (as usual) Samsung & others—updates coming slowly ✅ Update your Phone https://t.co/OBEMA4Cop2

    @devom_pro

    7 Aug 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  10. 🔒 Google’s August 2025 update is here: Fixes a critical Android 16 bug (CVE-2025-48530) Enables remote code execution... ✅ Pixels get the patch first 🕒 Samsung & others to follow 📱 Check your updates now! https://t.co/OBEMA4Cop2 #AndroidSecurity #Pixel #Sam

    @devom_pro

    7 Aug 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-48530👀

    @mai_llj

    6 Aug 2025

    105 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. A zero-click flaw (CVE-2025-48530) lets hackers take control of Android devices without interaction. Google’s fix is out, but old phones like Pixel 3a, S10, OnePlus 7 are left exposed. 📞 +1-888-217-4638 | 🌐 https://t.co/DefFtpmXUf #AndroidHack #CyberConcernSolutions htt

    @cybersolutionco

    6 Aug 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Google’s August Android update patches just 6 flaws, a big drop from past months. No active exploits reported. Key fix: a critical remote code bug (CVE-2025-48530). #AndroidSecurity #CyberAlert #GooglePatch #TechUpdate #Google #Android #Technology https://t.co/ETNhoLSSZe

    @Homeforhackers

    5 Aug 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.