Permissions Bypass Vulnerability in Android Framework
CVE-2025-48572
What is CVE-2025-48572?
CVE-2025-48572 is a permissions bypass vulnerability found in the Android Framework, developed by Google. This vulnerability allows unintended activities to be launched from the background without proper permissions, compromising the security protocols within the Android operating system. Such a flaw could allow an unauthorized user to escalate their privileges locally, enabling them to perform actions typically restricted to higher-privilege applications or services. Importantly, the exploitation of this vulnerability does not require user interaction, which raises the stakes for affected systems as this could facilitate unauthorized access with minimal effort.
Potential impact of CVE-2025-48572
- Local Privilege Escalation: The most significant risk posed by this vulnerability is the potential for local privilege escalation. Attackers can exploit this weakness to gain unauthorized access to sensitive data or system functions, effectively bypassing standard security controls.
- Exploitation Without User Interaction: The fact that user interaction is unnecessary for exploitation means that malware or malicious applications could execute background operations without alerting the user, making it especially dangerous for device owners.
- Wider Attack Surface for Malicious Actors: By exploiting this vulnerability, attackers could potentially create further security breaches within the Android ecosystem. This could lead to larger-scale attacks, jeopardizing not just individual devices but also the broader network those devices connect to, including enterprise environments.
CISA has reported CVE-2025-48572
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-48572 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Android 16
Android 15
Android 14
News Articles
CVE-2025-48633 and CVE-2025-48572: Android Framework Information Disclosure and Privilege Escalation Vulnerabilities Exploited in the Wild | SOC Prime
Explore details for CVE-2025-48633 and CVE-2025-48572, high-severity Android Framework vulnerabilities, with a deep analysis on our SOC Prime blog.
4 weeks ago
Google fixes Android vulnerabilities "under targeted exploitation" (CVE-2025-48633, CVE-2025-48572) - Help Net Security
Google patches Android vulnerabilities, including CVE-2025-48633 and CVE-2025-48572, which "may be under limited, targeted exploitation".
1 month ago
CISA Warns of Android 0-Day Vulnerability Exploited in Attacks
These security flaws, found within the Android Framework, are currently being exploited in the wild, prompting a federal mandate for immediate remediation by December 23, 2025.
1 month ago
Timeline
- Vulnerability published
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by Cyber Press
- Vulnerability Reserved