Information Disclosure Vulnerability in Android Telecommunication Services

CVE-2025-0082

What is CVE-2025-0082?

An information disclosure vulnerability exists in the Android Telecommunication Services, specifically within multiple functions of StatusHint.java and TelecomServiceImpl.java. This flaw enables a conditional exposure of image files across different user accounts due to a confused deputy approach. Consequently, attackers could exploit this without requiring additional execution privileges, although user interaction is necessary for successful exploitation. This vulnerability underscores the importance of user awareness when utilizing telecommunication services on Android devices.

References