SQL Injection Vulnerability in Android MediaProvider by Google
CVE-2025-48544
Currently unrated
What is CVE-2025-48544?
The vulnerability in Google's MediaProvider allows attackers to exploit SQL injection flaws present in various code locations. This potential exploitation enables unauthorized access to files belonging to other applications on the device, facilitating local privilege escalation without requiring additional execution privileges. Importantly, user interaction is not needed for an attacker to exploit this vulnerability, making it a significant concern for device security.
Affected Version(s)
Android 16
Android 15
Android 14