Input Validation Flaw in Android Framework Impacts CDM Association Management
CVE-2025-48632

7.8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-48632?

An input validation issue in the Android Framework's setDisplayName function within AssociationRequest.java allows for CDM associations to persist even after users attempt to disassociate them. This flaw poses a potential risk for local privilege escalation, as it requires no additional execution privileges and does not need user interaction to exploit. Addressing this vulnerability is crucial for maintaining secure user data management in Android systems.

Affected Version(s)

Android 16

Android 15

Android 14

References

https://android.googlesource.com/platform/frameworks/base...

https://source.android.com/security/bulletin/2025-12-01

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
May 22, 2025

JSON

Google

What is CVE-2025-48632?

Affected Version(s)

References

CVSS V3.1

Timeline