CVE-2025-32346
📋 TL;DR
This vulnerability allows a malicious app to access work profile contact numbers from the voicemail settings component without proper permission checks. It affects Android devices with work profiles enabled, potentially exposing sensitive corporate contact information. Exploitation requires no user interaction and no additional privileges.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete exposure of all work profile contact numbers to malicious apps, enabling targeted phishing, social engineering, or corporate espionage campaigns.
Likely Case
Malicious apps silently harvest work contact information for data aggregation or targeted advertising purposes.
If Mitigated
With proper app isolation and permission controls, impact is limited to apps already installed on the device.
🎯 Exploit Status
Exploitation requires creating a malicious app that triggers the vulnerable onActivityResult method in VoicemailSettingsActivity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: September 2025 Android security patch level or later
Vendor Advisory: https://source.android.com/security/bulletin/2025-09-01
Restart Required: Yes
Instructions:
1. Check for Android system updates in Settings > System > System update. 2. Install September 2025 security patch or later. 3. Restart device after installation.
🔧 Temporary Workarounds
Disable work profile
androidRemove or disable the work profile feature to eliminate the attack surface
Settings > Accounts > Work profile > Remove work profile
Restrict app installations
androidOnly allow installation from trusted sources like Google Play Store
Settings > Security > Install unknown apps > Disable for all apps
🧯 If You Can't Patch
- Implement mobile device management (MDM) with strict app whitelisting policies
- Educate users about risks of installing apps from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check Android security patch level in Settings > About phone > Android version > Security patch levelCheck Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify security patch level shows September 2025 or later date📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to VoicemailSettingsActivity
- Apps requesting work profile permissions without business need
Network Indicators:
- Unusual data exfiltration from devices with work profiles
SIEM Query:
source="android_logs" AND activity="VoicemailSettingsActivity" AND result_code=RESULT_OK AND data_uri CONTAINS "contacts"