CVE-2025-48613

Published Mar 2, 2026

Last updated 2 months ago

CVSS high 7.8

Overview

Description: In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: security@android.com
NVD status: Modified
Products: android

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-269

Hype score: Not currently trending

CVE-2025-48613 (CVSS:7.8, HIGH) is Modified. In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previou..https://t.co/9hVvzgXXCp #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
6 Mar 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References