Cyber Posture

CVE-2025-48572

High · CISA KEV · Active Exploitation

Published: 08 December 2025

Modified: 10 December 2025
KEV Added: 02 December 2025
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0021 (42.7th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Description

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

AC-3 mandates enforcement of approved authorizations for access to system resources, directly preventing the permissions bypass that enables unauthorized background activity launches leading to privilege escalation.

prevent

SI-2 requires identification, reporting, and correction of system flaws like CVE-2025-48572, preventing exploitation by applying the available patch from the Android Security Bulletin.

prevent

AC-6 enforces least privilege for accounts and functions, limiting the damage potential from low-privilege local attackers exploiting the vulnerability for escalation.

Security Summary · AI

CVE-2025-48572 is a permissions bypass vulnerability present in multiple locations within the Android Open Source Project's platform/frameworks/base component. It enables the launch of activities from the background, which could result in local escalation of privilege without needing additional execution privileges or user interaction. The vulnerability is associated with CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges (PR:L) can exploit this issue due to its low attack complexity (AC:L) and lack of required user interaction (UI:N). Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), facilitating privilege escalation on the affected Android device.

The Android Security Bulletin dated 2025-12-01 addresses this vulnerability, with a corresponding patch available in the commit at android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192. It is also listed in the CISA Known Exploited Vulnerabilities Catalog.

This CVE's inclusion in the CISA KEV catalog indicates real-world exploitation has occurred.

Details

CWE(s)
KEV Date Added: 02 December 2025

Affected Products

google android: 13.0, 14.0, 15.0, 16.0

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is a permissions bypass enabling local escalation of privilege without user interaction, directly facilitating T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
