CVE-2025-48584

5.5 MEDIUM

📋 TL;DR

This vulnerability allows an app installed on the device to bypass the per-package notification channel limit in Android's NotificationManagerService, potentially causing resource exhaustion and a local denial of service. Any Android device running a vulnerable framework version is affected. No user interaction and no special permissions are required; the only prerequisite is that the malicious app is installed on the device.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to the December 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Android devices with vulnerable framework versions. The vulnerability is in the core Android framework.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device lockup or crash requiring a hard reboot, potentially causing data loss or service disruption.

🟠 Likely Case

Degraded device performance, notification system failure, or temporary unresponsiveness until the exhausted resources are released.

🟢 If Mitigated

Minimal impact once the December 2025 patch is installed; until then, app vetting and monitoring of notification-channel creation limit exposure to apps already on the device.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or app-based access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with device access could disrupt device functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed on the device. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2025 Android Security Patch Level or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-12-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install the December 2025 security patch or later.
3. Reboot the device after installation completes.

🔧 Temporary Workarounds

Restrict app installation (android)

Only install apps from trusted sources such as the Google Play Store and avoid sideloading unknown apps.

Monitor notification behavior (android)

Watch for apps creating excessive notifications or notification channels and uninstall suspicious apps.

🧯 If You Can't Patch

  • Implement strict app vetting policies to prevent malicious app installation
  • Use mobile device management (MDM) solutions to monitor for abnormal notification behavior

🔍 How to Verify

Check if Vulnerable:

Check Android version and security patch level in Settings > About phone > Android version

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'December 1, 2025' or later in Settings > About phone > Android version
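The manual check above can be scripted for fleet use. The following is an added example, not code from the Android bulletin or from this page: it classifies a reported ro.build.version.security_patch value against the December 2025 level, and wraps the same adb command shown above. It assumes adb is on PATH for the live check; the sample values at the bottom are constructed so the script also runs without a device.

```shell
#!/bin/sh
# Added example (not from the Android bulletin or this page): classify an
# Android security patch level against the level that carries the fix for
# CVE-2025-48584. Android reports the level as an ISO date (YYYY-MM-DD), so
# stripping the dashes yields an integer that sorts in the same order.

FIX_LEVEL="2025-12-01"   # patch level named in the official fix section above

# to_int 2025-12-01 -> 20251201 (empty output for anything that is not a date)
to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s\n' "$1" | sed 's/-//g' ;;
        *) ;;
    esac
}

# is_patched LEVEL: prints "patched", "vulnerable" or "unknown";
# exit status 0 / 1 / 2 respectively, so it can drive an MDM compliance rule.
is_patched() {
    lvl=$(to_int "$1")
    fix=$(to_int "$FIX_LEVEL")
    if [ -z "$lvl" ]; then
        echo "unknown"
        return 2
    fi
    if [ "$lvl" -ge "$fix" ]; then
        echo "patched"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# check_device: read the live value from a connected device (adb assumed on
# PATH) and classify it. adb shell output ends in CR LF, so strip both.
check_device() {
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    printf '%s -> ' "$level"
    is_patched "$level"
}

# Constructed sample values for an offline run; on a real fleet call
# check_device per device instead.
for sample in 2025-11-01 2025-12-01 2026-01-05 unknown; do
    printf '%s -> ' "$sample"
    is_patched "$sample" || true
done
```

The numeric comparison matters: a plain equality test against "2025-12-01" would mark every later monthly level as non-compliant, and any OEM that ships a level string that is not a date is reported as "unknown" rather than silently passed.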

📡 Detection & Monitoring

Log Indicators:

  • Excessive NotificationManagerService errors
  • Resource exhaustion warnings in system logs
  • Apps creating abnormal numbers of notification channels

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="android_system_logs" AND ("NotificationManagerService" AND ("limit exceeded" OR "resource exhaustion"))

The match strings above are illustrative: the advisory does not publish the framework's exact log text, so tune them to the messages your logging pipeline actually forwards from logcat before relying on the query for alerting.
