CVE-2025-48600

5.5 MEDIUM

📋 TL;DR

This CVE describes a missing permission check in Android's IntentResolver component that allows local information disclosure across user boundaries. Any Android device running a vulnerable version is affected: one user on the device can access another user's data without additional privileges or user interaction.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to the December 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects multi-user Android devices where the IntentResolver component is used for inter-process communication between user contexts.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete cross-user data leakage where an attacker can access sensitive personal data, authentication tokens, or private files from other user accounts on the same device.

🟠 Likely Case

Limited information disclosure where an attacker can access some metadata or non-sensitive user data, potentially enabling further attacks or privacy violations.

🟢 If Mitigated

No information disclosure occurs due to proper permission checks and isolation between user accounts.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - In enterprise environments with shared devices or BYOD scenarios, this could allow one employee to access another's data on the same device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No user interaction required, but attacker needs local access to the device. The vulnerability is in the permission check mechanism itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2025 Android Security Patch

Vendor Advisory: https://source.android.com/security/bulletin/2025-12-01

Restart Required: Yes

Instructions:

1. Apply the December 2025 Android Security Patch through Settings > System > System Update.
2. For enterprise devices, push the update through your MDM solution.
3. Verify the patch is applied by checking the security patch level in Settings > About phone.

🔧 Temporary Workarounds

Disable multi-user mode (android)

Prevents cross-user attacks by removing secondary user accounts so that no second user context exists on the device. List the users, then remove every user other than the primary user (user 0):

adb shell pm list users
adb shell pm remove-user <USER_ID>

Restrict app permissions (android)

Review and restrict permissions for apps that use IntentResolver functionality.

🧯 If You Can't Patch

  • Isolate sensitive data to separate devices or user accounts with no shared access
  • Implement strict access controls and monitoring for multi-user Android devices

🔍 How to Verify

Check if Vulnerable:

Check if the security patch level is older than December 2025 in Settings > About phone > Android version > Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify the security patch level shows December 2025 or later in Settings > About phone
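As an added example (not part of this advisory), a POSIX shell script that compares ro.build.version.security_patch against the 2025-12-01 bulletin date and reports the status of every adb-attached device; it assumes adb is on the PATH.

```shell
#!/bin/sh
# Added example, not from the advisory: classify an Android security patch level
# against the December 2025 bulletin that fixes CVE-2025-48600.
FIX_LEVEL="2025-12-01"   # bulletin date from the vendor advisory

# patch_status LEVEL -> prints "patched", "vulnerable" or "unknown".
# The property is formatted YYYY-MM-DD, so stripping the hyphens yields an
# integer that orders the same way as the date.
patch_status() {
    level=$1
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 2 ;;
    esac
    level_num=$(printf '%s' "$level" | tr -d -)
    fix_num=$(printf '%s' "$FIX_LEVEL" | tr -d -)
    if [ "$level_num" -lt "$fix_num" ]; then
        echo vulnerable; return 1
    fi
    echo patched
}

# check_devices: for each device adb reports as online, print serial, patch
# level and status, one device per line (tab separated).
check_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        # adb shell output may carry a trailing CR; strip it before comparing.
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
        printf '%s\t%s\t%s\n' "$serial" "${level:-none}" "$(patch_status "$level")"
    done
}

# Run as: sh check_patch.sh --scan   (the scan is opt-in so the functions can be sourced)
if [ "${1:-}" = "--scan" ]; then
    check_devices
fi
```

Exit code 1 from patch_status marks a vulnerable level and 2 an unparseable one, so the function can also gate an MDM compliance script.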

📡 Detection & Monitoring

Log Indicators:

  • Unusual cross-user intent resolutions in system logs
  • Permission denial logs for IntentResolver operations

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

source="android_system" AND ("IntentResolver" OR "permission check") AND ("denied" OR "failed")
