- Description
- In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source
- security@android.com
- NVD status
- Analyzed
- Products
- android
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-120
- Hype score
- Not currently trending
🚨 CVE-2025-48611 (CVSS: 10.0) CVE-2025-48611はhttps://t.co/n6Vs1aMQ0BのDeviceIdでバウンドチェックの欠如により永続化のデシyncが発生し、ローカルでの権限昇格が可能。ユーザー操作不要。 https://t.co/qPZjOu0VwU #脆弱性 #セキ
@maru1151157
11 Mar 2026
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The severity is increased for this new vulnerability affecting Google Android (CVE-2025-48611) https://t.co/FbSrjkoPT5
@vuldb
10 Mar 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2025-48611 In DeviceId of https://t.co/KGwrw2z7cn, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additi… https://t.co/YMXCsonvuz ----- Traducción: CVE-2025… https://t.co/utmtNg
@infoflowcloud
10 Mar 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48611 In DeviceId of https://t.co/gnJjgvgTWE, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additi… https://t.co/jilsCTtSpN
@CVEnew
10 Mar 2026
191 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-48611 - Critical In DeviceId of https://t.co/dniAzUUlwT, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privil... https://t.co/tZYfYZgndN https://t.co/c6nbdrHHd
@TheHackerWire
10 Mar 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-48611: CRITICAL] Possible desync in https://t.co/tQxkCWgKUn, leading to local privilege escalation without additional execution privileges. No user interaction needed for exploitation. #CyberSecurity#cve,CVE-2025-48611,#cybersecurity https://t.co/BrJi0iwhxh
@CveFindCom
10 Mar 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE: CVE-2025-48611 Vendor: Google Product: Pixel CVSS: 10.0 Credits: Canyie(石松洲) of LSPosed Team Description: In DeviceId of https://t.co/7BENu15zhe, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege
@ptdbugs
10 Mar 2026
142 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-48611: Google (CVSS: 10.0)... Missing bounds check in https://t.co/qo2DC2aTQz creates persistence desync leading to silent local privesc on all Pixels - zero-c... https://t.co/M8QGFM9CYD #netsec #vulnerability #CVE #sysadmin #zeroday
@0dayPublishing
10 Mar 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]