Tapjacking Vulnerability in Android Framework by Google
CVE-2025-48528

4 MEDIUM

Key Information:

Vendor

Google

Status
Vendor
CVE Published: 4 September 2025

What is CVE-2025-48528?

A vulnerability in the Google Android Framework allows attackers to use tapjacking techniques to enable biometric overlays. The flaw permits local escalation of privilege without any additional execution privileges. Successful exploitation does not require user interaction, which increases the risk to users. The potential for abuse has serious implications for device security and requires immediate attention from developers and users alike.

Affected Version(s)

Android 16

Android 15

References

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
