Local Privilege Escalation Vulnerability in Android Settings
CVE-2025-32345
7.8HIGH
What is CVE-2025-32345?
A logic error in the updateState method of ContentProtectionTogglePreferenceController.java allows secondary users to disable the primary user's deceptive app scanning setting on Android devices. This vulnerability does not require any additional execution privileges or user interaction for exploitation, presenting significant security risks for users relying on app protection features. The flaw highlights a critical consideration for Android's security model and the importance of user permissions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Android 16
Android 15
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved