Login Sign Up

CVE-2025-22432

6.7 MEDIUM

📋 TL;DR

This Android vulnerability in the telecommunication service allows local privilege escalation through improper input validation in call redirection handling. An attacker could launch background activities and maintain persistent connections without user interaction. All Android devices running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to December 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android telephony services; requires local access to device.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains persistent access to device telephony services, enabling background activity launches, data exfiltration, and further privilege escalation to system-level access.

🟠

Likely Case

Local attackers exploit this to maintain unauthorized connections, launch background activities, and potentially access sensitive telephony data without user knowledge.

🟢

If Mitigated

With proper Android security controls and app sandboxing, impact is limited to the telephony service context, preventing full system compromise.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local execution privileges; no user interaction needed but requires initial access to device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2025 Android Security Patch

Vendor Advisory: https://source.android.com/security/bulletin/2025-12-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install December 2025 security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable unnecessary telephony permissions

android

Review and restrict app permissions for telephony services to minimize attack surface

🧯 If You Can't Patch

  • Implement strict app isolation policies and monitor for suspicious telephony service activity
  • Use mobile device management (MDM) solutions to enforce security controls and detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows December 2025 or later date

📡 Detection & Monitoring

Log Indicators:

  • Unusual telephony service activity, unexpected call redirection attempts, persistent connections in telephony logs

Network Indicators:

  • Suspicious telephony service network connections, unexpected background data transfers

SIEM Query:

source="android_logs" AND (process="telephony" OR service="telecomm") AND (event="call_redirection" OR event="persistent_connection")

📊 Metadata

CVE ID: CVE-2025-22432
CVSS v3 Score: 6.7 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-20
EPSS Score: 0.01% exploit probability (0.6th percentile)
Published: December 8, 2025
Last Updated: December 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-22432, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2020-12388 10.0

This vulnerability allows attackers to escape Firefox's content process sandbox on Windows systems, ...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)