CVE-2025-48561

In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://android.googlesource.com/platform/frameworks/native/+/20465375a1d0cb71cdb891235a9f8a3fba31dbf6	Patch
https://source.android.com/security/bulletin/2025-09-01	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*
	cpe:2.3:o:google:android:15.0:::::::*
	cpe:2.3:o:google:android:16.0:::::::*

History

05 Sep 2025, 19:08

Type	Values Removed	Values Added
References	~~() https://android.googlesource.com/platform/frameworks/native/+/20465375a1d0cb71cdb891235a9f8a3fba31dbf6 -~~	() https://android.googlesource.com/platform/frameworks/native/+/20465375a1d0cb71cdb891235a9f8a3fba31dbf6 - Patch
References	~~() https://source.android.com/security/bulletin/2025-09-01 -~~	() https://source.android.com/security/bulletin/2025-09-01 - Vendor Advisory
First Time		Google Google android
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-203
CPE		cpe:2.3:o:google:android:14.0:::::::* cpe:2.3:o:google:android:16.0:::::::* cpe:2.3:o:google:android:15.0:::::::* cpe:2.3:o:google:android:13.0:::::::*

04 Sep 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-04 19:15

Updated : 2025-09-08 19:15

NVD link : CVE-2025-48561

Mitre link : CVE-2025-48561

CVE.ORG link : CVE-2025-48561

JSON object : View

Products Affected

google

android

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2025-48561", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-04T19:15:43.543", "references": [{"url": "https://android.googlesource.com/platform/frameworks/native/+/20465375a1d0cb71cdb891235a9f8a3fba31dbf6", "tags": ["Patch"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2025-09-01", "tags": ["Vendor Advisory"], "source": "security@android.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}], "lastModified": "2025-09-08T19:15:35.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}, {"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"}, {"criteria": "cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D49E611-5D53-479D-A981-42388FDC0E8D"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}