In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
| Link | Resource |
|---|---|
| https://android.googlesource.com/platform/frameworks/base/+/848f944921756467dba98069ea33531a2f180373 | Patch Product |
| https://source.android.com/security/bulletin/2025-12-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Jun 2026, 09:29
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://android.googlesource.com/platform/frameworks/base/+/848f944921756467dba98069ea33531a2f180373 - Patch, Product |
10 Dec 2025, 19:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://android.googlesource.com/platform/frameworks/base/+/848f944921756467dba98069ea33531a2f180373 - Product, Patch | |
| References | () https://source.android.com/security/bulletin/2025-12-01 - Vendor Advisory | |
| First Time |
Google android
|
|
| CPE | cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:* |
08 Dec 2025, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-400 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
08 Dec 2025, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-08 17:16
Updated : 2026-06-17 09:29
NVD link : CVE-2025-48590
Mitre link : CVE-2025-48590
CVE.ORG link : CVE-2025-48590
JSON object : View
Products Affected
- android
CWE
CWE-400
Uncontrolled Resource Consumption
