CVE-2025-48559NVD

Vulnerability Summary

In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Severity Level

MEDIUM(5.5)

Published Date

Sep 4, 2025

Last Modified

Sep 5, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-20: Improper Input Validation ↗

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://android.googlesource.com/platform/frameworks/base/+/7b88db4928f390cb7656dcc4a14fac2d645301a9
https://source.android.com/security/bulletin/2025-09-01

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-48559NVD

Vulnerability Summary

External References