CVE-2025-48626

Critical

Published: 08 December 2025

Published

08 December 2025

Modified

08 December 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0033 56.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed…

for exploitation.

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations and precondition checks to prevent unauthorized background application launches that enable remote privilege escalation.

SI-2 Flaw Remediation good match

prevent

Remediates the precondition check failure vulnerability through timely patching of affected AOSP components as detailed in security bulletins.

AC-25 Reference Monitor good match

prevent

Implements a reference monitor to mediate and enforce access control decisions, directly countering failures in precondition checks for application launching.

Security SummaryAI

CVE-2025-48626 is a precondition check failure vulnerability present in multiple locations within the Android Open Source Project (AOSP). It affects the platform/frameworks/base and packages/apps/Launcher3 components, enabling an application to be launched from the background. This flaw could lead to remote escalation of privilege without requiring additional execution privileges. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-693 (Protection Mechanism Failure).

A remote attacker can exploit this vulnerability over the network with low complexity and no privileges or user interaction required. Successful exploitation allows the attacker to achieve high confidentiality, integrity, and availability impacts through escalation of privilege, potentially compromising the device.

The Android Security Bulletin for December 2025 details mitigation, with patches available in AOSP commits such as 9fb37191609f7cb7b2374531cafb2d00ec8b4bec for frameworks/base and 7628af9bf77f1d145359bf4075a6674574cae496 for Launcher3. Security practitioners should apply the relevant monthly security updates to affected Android devices.

Details

CWE(s): NVD-CWE-noinfo CWE-693

Affected Products

google

android

13.0, 14.0, 15.0, 16.0

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability enables remote network exploitation (AV:N/PR:N/UI:N) of Android components for privilege escalation, directly mapping to T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://android.googlesource.com/platform/frameworks/base/+/9fb37191609f7cb7b2374531cafb2d00ec8b4bec
Patch, Product · security@android.com
https://android.googlesource.com/platform/packages/apps/Launcher3/+/7628af9bf77f1d145359bf4075a6674574cae496
Patch, Product · security@android.com
https://source.android.com/security/bulletin/2025-12-01
Vendor Advisory · security@android.com