CVE-2025-48550NVD

Vulnerability Summary

In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Severity Level

MEDIUM(5.5)

Published Date

Sep 4, 2025

Last Modified

Sep 5, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://android.googlesource.com/platform/frameworks/base/+/354820f6ec38e8c50140bb5247779d3a3423b4c4
https://source.android.com/security/bulletin/2025-09-01

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-48550NVD

Vulnerability Summary

External References