AI description
CVE-2025-48544 is a vulnerability affecting Google Android versions 13 through 16. It stems from SQL injection flaws found in multiple locations within the Android platform. The vulnerability allows an attacker with local access to read files belonging to other applications on the device. Exploitation doesn't require additional execution privileges or user interaction, potentially leading to a local escalation of privilege.
- Description
- In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source
- security@android.com
- NVD status
- Analyzed
- Products
- android
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
16
CVE-2025-48544, privileged write in MediaProvider. It was possible to inject an internal-only directory allow list via a caller Bundle, widening access to top-level media directories. https://t.co/uaotdZPDbl https://t.co/3yMUywSYUq
@FuzzySec
9 Sept 2025
7427 Impressions
16 Retweets
100 Likes
31 Bookmarks
0 Replies
0 Quotes
CVE-2025-48544 In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no ad… https://t.co/9ZSESyjXyH
@CVEnew
4 Sept 2025
315 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"
},
{
"criteria": "cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D49E611-5D53-479D-A981-42388FDC0E8D"
}
],
"operator": "OR"
}
]
}
]