Local Privilege Escalation Vulnerability in Android Products
CVE-2024-43765

7.8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 21 January 2025

Summary

This vulnerability affects the Android Operating System, allowing a potential attacker to exploit a tapjacking or overlay attack. In multiple locations, it could enable unauthorized access to sensitive folders. Exploitation requires user interaction and could lead to local escalation of privileges, thus allowing unauthorized actions to be executed within the user’s context.

Affected Version(s)

Android 15

Android 14

Android 13

References

https://source.android.com/security/bulletin/2025-01-01

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025