Local Escalation of Privilege Vulnerability in Android's DocumentsUI
CVE-2025-22439

Currently unrated

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-22439?

A vulnerability exists in the onLastAccessedStackLoaded method of ActionHandler.java within Android's DocumentsUI. This flaw allows malicious applications to potentially bypass storage access restrictions due to an inadequate permission check. Exploitation of this vulnerability necessitates user interaction, but once executed, it could facilitate local privilege escalation without the need for additional execution privileges.

Affected Version(s)

Android 15

Android 14

Android 13

References

https://android.googlesource.com/platform/packages/apps/D...

https://source.android.com/security/bulletin/2025-04-01

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Jan 6, 2025

Google

What is CVE-2025-22439?

Affected Version(s)

References

Timeline