CVE-2025-48618

Sažetak

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Reference

https://android.googlesource.com/platform/frameworks/opt/telephony/+/fee68bcdcf029e8f40980616d09367610544bc62
https://source.android.com/security/bulletin/2025-12-01

CVSS

Base:	6.8
Impact:	5.9
Exploitability:	0.9

Pristup

Vektor	Složenost	Autentikacija
PHYSICAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

08-12-2025 - 20:15

Objavljeno

08-12-2025 - 17:16