Login Sign Up

CVE-2025-48546

7.8 HIGH

📋 TL;DR

This vulnerability allows malicious apps to launch background activities without proper permission checks, enabling local privilege escalation on Android devices. It affects Android systems where the flawed SafeActivityOptions.java logic is present. No user interaction is required for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Specific versions mentioned in Android Security Bulletin 2025-09-01
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices with the vulnerable framework code; exact version ranges should be verified from the Android Security Bulletin.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attackers to execute arbitrary code with elevated privileges, access sensitive data, or install persistent malware.

🟠

Likely Case

Malicious apps gaining unauthorized access to protected activities, potentially stealing user data or performing unauthorized actions.

🟢

If Mitigated

Limited impact with proper app sandboxing and security updates applied.

🌐 Internet-Facing: LOW (requires local app installation)
🏢 Internal Only: HIGH (exploitable by any installed malicious app)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires a malicious app to be installed; exploitation leverages logic error in permission checking.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2025-09-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-09-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install the September 2025 security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict app installations

android

Only install apps from trusted sources like Google Play Store and disable unknown sources.

Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

  • Monitor for suspicious app behavior using security tools
  • Implement application allowlisting to restrict which apps can run

🔍 How to Verify

Check if Vulnerable:

Check Android Security Patch Level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Security Patch Level shows September 2025 or later date

📡 Detection & Monitoring

Log Indicators:

  • Unusual activity launches in system logs
  • Permission denial errors for SafeActivityOptions

Network Indicators:

  • None (local exploitation only)

SIEM Query:

Search for process launches with unexpected parent-child relationships or permission violations

📊 Metadata

CVE ID: CVE-2025-48546
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-693
EPSS Score: 0.01% exploit probability (0.7th percentile)
Published: September 4, 2025
Last Updated: September 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-48546, you might also want to check these:

CVE-2023-31273 10.0

This vulnerability in Intel Data Center Manager (DCM) software allows unauthenticated attackers to b...

Same vulnerability type (CWE-693)
CVE-2021-32835 9.9

CVE-2021-32835 is a sandbox escape vulnerability in Eclipse Keti that allows authenticated attackers...

Same vulnerability type (CWE-693)
CVE-2025-68668 9.9

This CVE describes a sandbox bypass vulnerability in n8n's Python Code Node that allows authenticate...

Same vulnerability type (CWE-693)