CVE-2025-48618

CVSS 6.6 MEDIUMEPSS 0.1%CWE-667

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Google · Android

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://android.googlesource.com/platform/frameworks/opt/telephony/+/fee68bcdcf029e8f40980616d09367610544bc62 https://source.android.com/security/bulletin/2025-12-01