Vulners
Lucene search
CVE-2025-22441
🗓️ 04 Sep 2025 18:17:24Reported by google_androidType 
cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 427 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | CVE-2025-22441 | 4 Sep 202518:17 | – | attackerkb |
 | Android Security Bulletin—August 2025Stay organized with collectionsSave and categorize content based on your preferences. | 4 Aug 202500:00 | – | androidsecurity |
 | Exploit for Confused Deputy in Google Android | 8 Oct 202513:12 | – | githubexploit |
 | CVE-2025-22441 | 8 Oct 202513:16 | – | circl |
 | Google Android 安全漏洞 | 4 Sep 202500:00 | – | cnnvd |
 | Google Android elevation of privilege vulnerability (CNVD-2025-30727) | 8 Sep 202500:00 | – | cnvd |
 | CVE-2025-22441 | 4 Sep 202518:17 | – | cvelist |
 | EUVD-2025-27073 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-22441 | 4 Sep 202519:15 | – | nvd |
 | ASB-A-376028556 | 1 Aug 202500:00 | – | osv |
10
[
{
"vendor": "Google",
"product": "Android",
"versions": [
{
"version": "15",
"status": "affected"
},
{
"version": "14",
"status": "affected"
},
{
"version": "13",
"status": "affected"
}
],
"defaultStatus": "unaffected"
}
]| Source | Link |
|---|---|
| source | www.source.android.com/security/bulletin/2025-08-01 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| mApplication | nested | frameworks/base/core/java/android/widget/RemoteViews.java;l=6545-6561 | RemoteViews.mApplication may carry untrusted ApplicationInfo, which can be used to influence loaded resources and code loading paths when applying RemoteViews | CWE-441 |
| expectedAppInfo | nested | frameworks/base/core/java/android/app/LoadedApk.java;l=2275-2302 | checkAndUpdateApkPaths may update LoadedApk with attacker-controlled ApplicationInfo, potentially altering resource/class loader mappings | CWE-441 |
| cacheWithCode | nested | frameworks/base/core/java/android/app/LoadedApk.java;l=2275-2302 | checkAndUpdateApkPaths may update LoadedApk with attacker-controlled ApplicationInfo, potentially altering resource/class loader mappings | CWE-441 |
| aInfo | nested | frameworks/base/core/java/android/app/LoadedApk.java;l=392-422 | setApplicationInfo can replace internal ApplicationInfo with attacker-controlled data, affecting class loader and resources | CWE-441 |
| mApplicationInfo | nested | frameworks/base/core/java/android/app/LoadedApk.java;l=392-422 | setApplicationInfo can replace internal ApplicationInfo with attacker-controlled data, affecting class loader and resources | CWE-441 |
| webViewContext | nested | frameworks/base/core/java/android/webkit/WebViewFactory.java;l=541-563 | Context creation for WebView can trigger RemoteViews resource path updates which may be influenced by untrusted ApplicationInfo | CWE-441 |
| getWebViewContextAndSetProvider | nested | frameworks/base/core/java/android/webkit/WebViewFactory.java;l=541-563 | Context creation for WebView can trigger RemoteViews resource path updates which may be influenced by untrusted ApplicationInfo | CWE-441 |
| mResourceImpls | nested | frameworks/base/core/java/android/app/ResourcesManager.java;l=1656-1658 | ResourcesManagerResource paths may be updated/overlaid based on attacker-provided ApplicationInfo from RemoteViews | CWE-441 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Sep 2025 19:15Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.17.3
EPSS0.00006
SSVC