CVE-2025-48535

HIGH

Android - Local Privilege Escalation via Unsafe Deserialization in AppRestrictionsFragment

Title source: llm

Description

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (2)

Core 2

Core References

Patch

https://android.googlesource.com/platform/packages/apps/Settings/+/1e4423730f8776bd09df7614474643ae735d2176

Vendor Advisory

https://source.android.com/security/bulletin/2025-09-01

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 30.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (4)

google/android 13.0

google/android 14.0

google/android 15.0

google/android 16.0

Published Sep 04, 2025

Tracked Since Feb 18, 2026