CVE-2025-48651

MEDIUM

Android <2026-04-05 - High Severity Vuln

Title source: llm

Description

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References (2)

Core 2

Core References

vendor-advisory

https://source.android.com/docs/security/bulletin/2026/2026-04-01

https://source.android.com/security/bulletin/2026-04-01

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 0.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (2)

google/android

Google/Android Android SoC

Published Apr 06, 2026

Tracked Since Apr 07, 2026