Login Sign Up

CVE-2025-48545

7.1 HIGH

📋 TL;DR

This vulnerability allows a malicious Android app to bypass user ID checks and access privileged system APIs, potentially gaining elevated privileges on the device. It affects Android devices running vulnerable versions, requiring no user interaction for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Specific versions not detailed in references, but appears in Android Security Bulletin September 2025
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices with vulnerable framework versions; requires malicious app installation

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise where an attacker gains system-level privileges, potentially installing persistent malware, accessing sensitive data, or disabling security controls.

🟠

Likely Case

Local privilege escalation allowing malicious apps to perform unauthorized actions like accessing protected system resources or user data without permission.

🟢

If Mitigated

Limited impact if devices are fully patched and app permissions are properly restricted through security policies.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires malicious app installation but no user interaction; confused deputy vulnerability in AccountManagerService

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Update September 2025 or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-09-01

Restart Required: No

Instructions:

1. Apply Android Security Update from September 2025 or later. 2. Update device through Settings > System > System Update. 3. Verify update installation in About Phone > Android version.

🔧 Temporary Workarounds

Restrict app installations

android

Only install apps from trusted sources like Google Play Store and disable unknown sources

🧯 If You Can't Patch

  • Implement mobile device management (MDM) policies to restrict app installations
  • Monitor for suspicious app behavior and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About Phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is September 2025 or later in Settings > About Phone

📡 Detection & Monitoring

Log Indicators:

  • Unusual AccountManagerService API calls from non-system UIDs
  • Privilege escalation attempts in system logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="android_system" AND "AccountManagerService" AND "isSystemUid" AND result="success" AND uid!=1000

📊 Metadata

CVE ID: CVE-2025-48545
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-441
EPSS Score: 0.01% exploit probability (0.2th percentile)
Published: September 4, 2025
Last Updated: March 4, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-48545, you might also want to check these:

CVE-2021-20042 9.8

CVE-2021-20042 allows unauthenticated remote attackers to use SonicWall SMA 100 series appliances as...

Same vulnerability type (CWE-441)
CVE-2025-64123 9.8

This vulnerability in Nuvation Energy Multi-Stack Controller allows the device to act as an unintend...

Same vulnerability type (CWE-441)
CVE-2025-11393 8.7

A misconfigured proxy in runtimes-inventory-rhel8-operator attaches cluster administrative credentia...

Same vulnerability type (CWE-441)