Input Validation Flaw in Android Framework Impacts CDM Association Management
CVE-2025-48632

Currently unrated

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-48632?

An input validation issue in the Android Framework's setDisplayName function within AssociationRequest.java allows for CDM associations to persist even after users attempt to disassociate them. This flaw poses a potential risk for local privilege escalation, as it requires no additional execution privileges and does not need user interaction to exploit. Addressing this vulnerability is crucial for maintaining secure user data management in Android systems.

Affected Version(s)

Android 16

Android 15

Android 14

References

https://android.googlesource.com/platform/frameworks/base...

https://source.android.com/security/bulletin/2025-12-01

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
May 22, 2025

JSON

Google

What is CVE-2025-48632?

Affected Version(s)

References

Timeline