CVE-2025-22441

🗓️ 04 Sep 2025 18:17:24Reported by google_androidType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 431 Views🌐 WEB

Vulnerability in RemoteViews getContextForResourcesEnsuringCorrectCachedApkPaths enables loading arbitrary Java code in a privileged context, causing local privilege escalation with user interaction.

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2025-22441	4 Sep 202518:17	–	attackerkb
Android Security Bulletins	Android Security Bulletin—August 2025Stay organized with collectionsSave and categorize content based on your preferences.	4 Aug 202500:00	–	androidsecurity
BDU FSTEC	The vulnerability of the Framework component in Android operating systems, which allows a hacker to increase their privileges	6 Aug 202500:00	–	bdu_fstec
GithubExploit	Exploit for Confused Deputy in Google Android	8 Oct 202513:12	–	githubexploit
Circl	CVE-2025-22441	8 Oct 202513:16	–	circl
CNNVD	Google Android 安全漏洞	4 Sep 202500:00	–	cnnvd
CNVD	Google Android elevation of privilege vulnerability (CNVD-2025-30727)	8 Sep 202500:00	–	cnvd
Cvelist	CVE-2025-22441	4 Sep 202518:17	–	cvelist
EUVD	EUVD-2025-27073	3 Oct 202520:07	–	euvd
NVD	CVE-2025-22441	4 Sep 202519:15	–	nvd

NVD

Vulners

Node

google androidMatch13.0

google androidMatch14.0

google androidMatch15.0

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "15",
        "status": "affected"
      },
      {
        "version": "14",
        "status": "affected"
      },
      {
        "version": "13",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
source	www.source.android.com/security/bulletin/2025-08-01

Parameter	Position	Path	Description	CWE
mApplication	nested	frameworks/base/core/java/android/widget/RemoteViews.java;l=6545-6561	RemoteViews.mApplication may carry untrusted ApplicationInfo, which can be used to influence loaded resources and code loading paths when applying RemoteViews	CWE-441
expectedAppInfo	nested	frameworks/base/core/java/android/app/LoadedApk.java;l=2275-2302	checkAndUpdateApkPaths may update LoadedApk with attacker-controlled ApplicationInfo, potentially altering resource/class loader mappings	CWE-441
cacheWithCode	nested	frameworks/base/core/java/android/app/LoadedApk.java;l=2275-2302	checkAndUpdateApkPaths may update LoadedApk with attacker-controlled ApplicationInfo, potentially altering resource/class loader mappings	CWE-441
aInfo	nested	frameworks/base/core/java/android/app/LoadedApk.java;l=392-422	setApplicationInfo can replace internal ApplicationInfo with attacker-controlled data, affecting class loader and resources	CWE-441
mApplicationInfo	nested	frameworks/base/core/java/android/app/LoadedApk.java;l=392-422	setApplicationInfo can replace internal ApplicationInfo with attacker-controlled data, affecting class loader and resources	CWE-441
webViewContext	nested	frameworks/base/core/java/android/webkit/WebViewFactory.java;l=541-563	Context creation for WebView can trigger RemoteViews resource path updates which may be influenced by untrusted ApplicationInfo	CWE-441
getWebViewContextAndSetProvider	nested	frameworks/base/core/java/android/webkit/WebViewFactory.java;l=541-563	Context creation for WebView can trigger RemoteViews resource path updates which may be influenced by untrusted ApplicationInfo	CWE-441
mResourceImpls	nested	frameworks/base/core/java/android/app/ResourcesManager.java;l=1656-1658	ResourcesManagerResource paths may be updated/overlaid based on attacker-provided ApplicationInfo from RemoteViews	CWE-441

05 Sep 2025 19:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.17.3

EPSS0.00006

SSVC

CWE-441