SQL Injection Vulnerability in MediaProvider by Android
CVE-2025-32327
7.8HIGH
What is CVE-2025-32327?
The MediaProvider component in Android contains a vulnerability in multiple functions of PickerDbFacade.java, allowing for potential unauthorized access to sensitive data through SQL injection techniques. This vulnerability poses a risk of local privilege escalation without requiring additional execution permissions or user interaction for exploitation. It enables attackers to manipulate database queries, potentially compromising the integrity and confidentiality of stored data. Immediate attention and patching are necessary to mitigate this security risk.
Affected Version(s)
Android 15
Android 14