CVE-2025-48544

HIGH

Multiple Locations - Info Disclosure

Title source: llm

Description

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (4)

Core 4

Core References

Vendor Advisory

https://source.android.com/security/bulletin/2026-03-01

Vendor Advisory vendor-advisory

https://source.android.com/docs/security/bulletin/2026/2026-03-01

Patch

https://android.googlesource.com/platform/packages/providers/MediaProvider/+/c34a7f642548130e95dc374035d5a3564d30599f

Vendor Advisory

https://source.android.com/security/bulletin/2025-09-01

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (4)

google/android 13.0

google/android 14.0

google/android 15.0

google/android 16.0

Published Sep 04, 2025

Tracked Since Feb 18, 2026