AI description
CVE-2025-48651 is a vulnerability identified in StrongBox implementations within the Android operating system. StrongBox functions as Android's hardware-backed secure keystore, providing enhanced protection for cryptographic keys by storing and managing them in a dedicated, tamper-resistant hardware chip. This flaw affects StrongBox implementations from several vendors, including Google, NXP, STMicroelectronics, and Thales. While specific exploitation details are not yet fully public, StrongBox vulnerabilities can generally lead to issues such as key extraction, privilege escalation, or denial-of-service conditions.
- Description: In importWrappedKey of KMKeymasterApplet.java, there is a possible way to access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source: security@android.com
- NVD status: Modified
- Products: android
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
⚠️ **Vulnerability Alert:** Android Zero-Interaction DoS and StrongBox High-Severity Vulnerabilities (CVE-2026-0049, CVE-2025-48651) 📅 **Timeline:** Disclosure: 2026-04-06; Patches: 2026-04-01 & 2026-04-05 🆔 **CVE-2026-0049** | 📊 CVSS: 6.2 (MEDIUM 🟡) | 📈 E
@syedaquib77
7 Apr 2026
⚠️ **Vulnerability Alert:** Android StrongBox Hardware Keystore Vulnerabilities (CVE-2025-48651, CVE-2026-0049) 📅 **Timeline:** Disclosure: 2026-04-01, Patch: 2026-04-01 🆔 **CVE-2025-48651** | 📊 CVSS: (High 🟠) | 📈 EPSS: 0.772% 🆔 **CVE-2026-0049** | 📊 CVS
@syedaquib77
7 Apr 2026
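[Take note] Android's April monthly update. The most severe issue is the DoS vulnerability CVE-2026-0049 in Frameworks, officially rated Critical. There is also CVE-2025-48651, with broad impact in StrongBox. The former is at patch level 2026-04-01, and the others at 2026-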
@__kokumoto
7 Apr 2026
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: CVE-2025-48651 - Apache Apache Struts Remote Code Execution (RCE) Intel Report: https://t.co/wpSkTHhXfP
@cyberbivash
7 Apr 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]