Logic Error in Android Device Policy Manager Service Allows Unauthorized Device Owner Addition
CVE-2025-48633
What is CVE-2025-48633?
CVE-2025-48633 is a high-severity vulnerability in the Android Device Policy Manager Service, a framework component maintained by Google. The flaw is a logic error in the hasAccountsOnAnyUser function of DevicePolicyManagerService.java that makes it possible to add a Device Owner after provisioning has completed, an operation Android is meant to allow only during initial device setup. Because Device Owner is the most privileged management role on a device (it controls policies, app installation and security configuration), the result is a local escalation of privilege that requires no additional execution privileges and no user interaction: code already running on the device can take over management of it. Google's December Android security bulletin notes that the bug may have been under limited, targeted exploitation before the fix shipped. For organizations that rely on the Device Policy Manager to enforce enterprise policy, an attacker-installed Device Owner undermines every control built on top of it.
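One practical check an administrator can run while waiting for the patch is to confirm that the Device Owner recorded on each managed device is still the enrolled EMM package. The script below is an added example and is not code from the page, from Google, or from the Android project. It assumes adb is on PATH and that `adb shell dumpsys device_policy` prints each owner in a section headed "Device Owner:" or "Profile Owner (User N):" containing an `admin=ComponentInfo{package/class}` line; those field names are an assumption based on recent builds and the regexes should be adjusted if a given build prints them differently. The sample output, the package names and the `--expected` parameter are all constructed for illustration.

```python
"""Detect an unexpected Device Owner on an Android device.

Added example (not Android project code). Assumes the dumpsys layout
described in the lead-in; the sample below is constructed, not captured.
"""
import argparse
import re
import subprocess
import sys

# Constructed sample of `adb shell dumpsys device_policy` output showing a
# Device Owner that is not the enrolled EMM (com.example.emm is hypothetical).
SAMPLE_DUMPSYS = """Current Device Policy Manager state:
  Device Owner:
    admin=ComponentInfo{com.evil.payload/com.evil.payload.AdminReceiver}
    name=
    package=com.evil.payload
    isOrganizationOwnedDevice=true
    User ID: 0

  Profile Owner (User 10):
    admin=ComponentInfo{com.example.emm/com.example.emm.AdminReceiver}
    package=com.example.emm
"""

# Section header, e.g. "  Device Owner:" or "  Profile Owner (User 10):"
SECTION_RE = re.compile(r"^\s*(Device Owner|Profile Owner)(?: \(User (\d+)\))?:\s*$")
# Admin component line inside a section (assumed field name "admin=")
ADMIN_RE = re.compile(r"admin=ComponentInfo\{([\w.]+)/([\w.$]+)\}")


def parse_owners(dumpsys_text):
    """Return (kind, user_id, package, receiver_class) for every owner section."""
    owners = []
    kind = user = None
    for line in dumpsys_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            kind = header.group(1)
            user = int(header.group(2)) if header.group(2) else 0
            continue
        admin = ADMIN_RE.search(line)
        if admin and kind:
            owners.append((kind, user, admin.group(1), admin.group(2)))
            kind = user = None  # one admin component per section
    return owners


def check_owners(dumpsys_text, expected_owner):
    """Flag any Device Owner whose package is not the enrolled EMM.

    Returns (ok, findings) where findings is a list of human-readable alerts.
    """
    findings = []
    for kind, user, pkg, cls in parse_owners(dumpsys_text):
        if kind == "Device Owner" and pkg != expected_owner:
            findings.append(f"unexpected Device Owner {pkg}/{cls} on user {user}")
    return (not findings, findings)


def read_dumpsys(serial=None):
    """Fetch the live policy dump from the attached device via adb."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell", "dumpsys", "device_policy"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Alert on an unexpected Device Owner")
    ap.add_argument("--expected", default="com.example.emm", help="enrolled EMM package")
    ap.add_argument("--serial", help="adb device serial (optional)")
    ap.add_argument("--live", action="store_true", help="query a real device instead of the sample")
    args = ap.parse_args()
    text = read_dumpsys(args.serial) if args.live else SAMPLE_DUMPSYS
    ok, findings = check_owners(text, args.expected)
    for finding in findings:
        print("ALERT:", finding)
    print("OK" if ok else "DEVICE OWNER MISMATCH")
    sys.exit(0 if ok else 1)
```

Run it with `--live --expected <your EMM package>` against each enrolled device; a non-zero exit means a Device Owner other than the EMM is registered and the device should be treated as compromised until the December patch level is confirmed and the owner is removed.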
Potential impact of CVE-2025-48633
- Unauthorized Device Control: The primary risk is that a malicious app or local attacker can register itself as Device Owner and take over the device. A Device Owner can change device settings, silently install or remove applications, and read or exfiltrate data that the legitimate management agent was protecting.
- Escalation of Privileges: Because the flaw lets an unprivileged local process add a Device Owner, it is a local privilege escalation to the most powerful management role on the device. An attacker holding that role can also abuse whatever enterprise resources (VPN profiles, certificates, managed accounts) the device has been granted access to.
- Data Breach Risk: In environments where sensitive information is handled on Android devices, exploitation could expose confidential employee data, client information and proprietary corporate data, with the compliance violations and financial consequences that follow.
Affected Version(s)
Android 16
Android 15
Android 14
News Articles
CVE-2025-48633 and CVE-2025-48572: Android Framework Information Disclosure and Privilege Escalation Vulnerabilities Exploited in the Wild | SOC Prime
Explore details for CVE-2025-48633 and CVE-2025-48572, high-severity Android Framework vulnerabilities, with a deep analysis on our SOC Prime blog.
4 days ago
Google fixes Android vulnerabilities "under targeted exploitation" (CVE-2025-48633, CVE-2025-48572) - Help Net Security
Google patches Android vulnerabilities, including CVE-2025-48633 and CVE-2025-48572, which "may be under limited, targeted exploitation".
5 days ago
Two Android 0-day bugs patched, plus 105 more fixes
Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin. The two vulnerabilities are CVE-2025-48633, an...
6 days ago