Permissions Bypass in CarrierConfigLoader of Android Products
CVE-2025-48617

Currently unrated

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 17 June 2026

What is CVE-2025-48617?

A permissions bypass vulnerability exists in the CarrierConfigLoader component of Android, specifically within the overrideConfig method. This flaw could allow an attacker to circumvent user identifier checks, resulting in local escalation of privileges without requiring any additional execution permissions or user interaction. This type of vulnerability poses significant security risks, potentially enabling unauthorized actions that compromise the device's integrity and user data.

Affected Version(s)

Android 17

Timeline

  • Vulnerability published

  • Vulnerability Reserved
