CVE-2025-48563

High CVSS: 7.8

In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor

Google

Product

Android

CWE

CWE-453

Yayın Tarihi

2025-09-04 19:15:43

Güncelleme

2025-09-08 14:03:37

Source Identifier

security@android.com

KEV Date Added

Kategoriler

CWE-453 Android HIGH Google 2025

Referanslar

https://android.googlesource.com/platform/frameworks/base/+/a6a570a6f4972c1dfea13c5fe3558805c1658991 https://source.android.com/security/bulletin/2025-09-01

Benzer Kayıtlar

Medium

CVE-2026-6364

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sens…

High

CVE-2026-6363

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bo…

Medium

CVE-2026-6362

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out o…

High

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinc…

High

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit o…

High

CVE-2026-6359

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromise…