CVE-2025-0080

7.8 HIGH

📋 TL;DR

This CVE describes a tapjacking/overlay vulnerability in Android that allows malicious apps to overlay installation confirmation dialogs. This enables local privilege escalation without requiring user interaction or additional permissions. All Android devices running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to March 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Android devices with vulnerable versions, regardless of manufacturer or customizations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full system control by tricking users into installing malicious apps with elevated permissions, potentially leading to complete device compromise and data theft.

🟠 Likely Case

Malicious apps bypass installation warnings to gain permissions they shouldn't have, leading to data access, surveillance capabilities, or further exploitation.

🟢 If Mitigated

With proper app vetting and security controls, the risk is limited to isolated privilege escalation within the app sandbox.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a malicious app to be installed first, but once installed, no user interaction is needed for the overlay attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2025 Android Security Patch Level or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install March 2025 security patch or later.
3. Reboot device after installation.

🔧 Temporary Workarounds

Disable unknown sources

Prevent installation of apps from unknown sources to block initial malicious app installation

Settings > Security > Install unknown apps > Disable for all apps

Use app verification

Enable Google Play Protect to scan apps before installation

Settings > Security > Google Play Protect > Scan device for security threats

🧯 If You Can't Patch

  • Restrict app installations to Google Play Store only
  • Implement mobile device management (MDM) with app whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows March 2025 or later in Settings > About phone > Android version

📡 Detection & Monitoring

Log Indicators:

  • Multiple overlay permission requests
  • Unexpected installation dialogs
  • App permission escalation without user confirmation

Network Indicators:

  • None - this is a local attack

SIEM Query:

android.security.overlay OR android.permission.SYSTEM_ALERT_WINDOW
