CVE-2025-48626

Published: Dec 8, 2025Modified: Dec 8, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (4)

Products: Google: Android

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 13.0
Google Android	Version 14.0
Google Android	Version 15.0
Google Android	Version 16.0

Related CWEs

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (3)

https://android.googlesource.com/platform/frameworks/base/+/9fb37191609f7cb7b2374531cafb2d00ec8b4bec

Source: security@android.com

PatchProduct

https://android.googlesource.com/platform/packages/apps/Launcher3/+/7628af9bf77f1d145359bf4075a6674574cae496

Source: security@android.com

PatchProduct

https://source.android.com/security/bulletin/2025-12-01

Source: security@android.com

Vendor Advisory

Timeline

No history available yet.