CVE-2025-48595
In short
A software component has a math error that allows an attacker to run harmful code on a system. By exploiting this flaw, someone can gain higher access rights without needing special permissions.
Technical detail
An integer overflow vulnerability exists across multiple code locations, enabling arbitrary code execution through numeric boundary violations. This permits local privilege escalation without requiring user interaction or elevated starting privileges; the attack vector is local and exploitation is straightforward once the overflow condition is triggered.
Summary generated and translated by AI from the official description.
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Google · Android
Public PoCs found: 2
github.com/HORKimhab/CVE-2025-48595 (★ 0)
github.com/fevar54/CVE-2025-48595-Android-Framework-Integer-Overflow- (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.