TOCTOU Race Condition in TvSettings App by a Major Vendor
CVE-2025-8192

6.9 MEDIUM

Key Information:

Vendor

Android

Status
Vendor
CVE Published: 31 July 2025

What is CVE-2025-8192?

A time-of-check to time-of-use (TOCTOU) race condition has been identified in AppRestrictionsFragment.java of the TvSettings App. There is a timing window between the validation of an Intent and its subsequent use, and an attacker who wins that race can have a malicious activity executed in the context of the system, circumventing the validation that is meant to prevent this. Through this attack vector, an adversary could potentially manipulate the state of the target component, leading to unauthorized access and control over system functionalities.

Affected Version(s)

TV 0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Qidan He