TOCTOU Race Condition in TvSettings App by a Major Vendor
CVE-2025-8192

6.9MEDIUM

Key Information:

Vendor

Android

Status
Tv
Vendor
CVE Published:
31 July 2025

What is CVE-2025-8192?

A race condition vulnerability has been identified in the TvSettings App's AppRestrictionsFragment.java, allowing attackers to exploit a timing window between the validation of an Intent and its subsequent use. This flaw enables the execution of a malicious activity in the context of the system, circumventing essential security protocols. Through this attack vector, an adversary could potentially manipulate the state of the target component, leading to unauthorized access and control over system functionalities.

Affected Version(s)

TV 0

References

https://defcon.org/html/defcon-33/dc-33-speakers.html#con...

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Qidan He
JSON
.
CVE-2025-8192 : TOCTOU Race Condition in TvSettings App by a Major Vendor