CVE-2025-48643

HIGH

Android - Local Privilege Escalation via Provisioning Bypass

Title source: llm

Description

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

Core 1

Core References

https://source.android.com/docs/security/bulletin/android-17

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 0.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (2)

google/android 17.0

Google/Android 17

Published Jun 17, 2026

Tracked Since Jun 17, 2026