CVE-2025-48572

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-32319

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-32319

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48627

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48627

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48627

CVE-2025-48627 affects the Android Framework, specifically the startNextMatchingActivity path in ActivityTaskManagerService.java. The issue is a logic error that can allow launching an activity from the background, resulting in local escalation of privilege without additional execution privileges...

CVE-2025-48626

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48626

CVE-2025-48626 pertains to Google Android where a precondition check failure can allow launching an application from the background, enabling remote escalation of privilege without user interaction. Documented across multiple feeds (NVD, Red Hat advisory, CNVD, EUVD, OSV, CVE list, and regional b...

CVE-2025-48626

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48580

Technical details about CVE-2025-48580 are not publicly provided in the supplied documents. Monitor for updates from Android bulletin and vendor advisories for complete root-cause, affected products, and fixes.

CVE-2025-48580

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2025-201772

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2025-201775

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48573

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48573

The CVE-2025-48573 entry describes a local elevation-of-privilege in Android's MediaSessionRecord.java via a path in sendCommand that could allow launching a foreground service while the app is backgrounded (FGS while-in-use abuse). The issue enables privilege escalation without extra execution p...

CVE-2025-48573

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2025-48572

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48572

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48572

CVE-2025-48572 is an Android Framework privilege-escalation vulnerability. It stems from improper input validation in the Framework component, allowing a local application to launch activities from background and execute arbitrary code with elevated privileges. Affected products are Android devic...