In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Configurations
Configuration 1 (hide)
|
History
01 Jun 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
08 Dec 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-400 |
08 Dec 2025, 18:55
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Google android
|
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-770 | |
| CPE | cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* |
|
| References | () https://android.googlesource.com/platform/frameworks/base/+/a5795fc0cf1f21da88cf05ad06610d3653d1be0e - Patch, Product | |
| References | () https://source.android.com/security/bulletin/2025-12-01 - Vendor Advisory |
08 Dec 2025, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-08 17:16
Updated : 2026-06-17 09:29
NVD link : CVE-2025-48615
Mitre link : CVE-2025-48615
CVE.ORG link : CVE-2025-48615
JSON object : View
Products Affected
- android
