2 matches found
CVE-2025-48573
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48573
The CVE-2025-48573 entry describes a local elevation-of-privilege in Android's MediaSessionRecord.java via a path in sendCommand that could allow launching a foreground service while the app is backgrounded (FGS while-in-use abuse). The issue enables privilege escalation without extra execution p...