CVE-2025-48594

Published Dec 8, 2025

Last updated 5 months ago

CVSS high 7.3

Overview

Description: In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Source: security@android.com
NVD status: Modified
Products: android

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 5.9
Exploitability score: 1.3
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-20

Hype score: Not currently trending

CVE-2025-48594 In onUidImportance of https://t.co/klPTxRoPlr, there is a possible way to retain companion application privileges after disassociation due to improper input vali… https://t.co/ta9OyrxKHu
@CVEnew
8 Dec 2025
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2D49E611-5D53-479D-A981-42388FDC0E8D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References