Login Sign Up

CVE-2025-48603

5.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in Android's InputMethodInfo component allows local resource exhaustion leading to permanent denial of service. It affects Android devices where attackers can trigger the flaw without user interaction or elevated privileges. The impact is limited to local denial of service on affected devices.

💻 Affected Systems

Products:
  • Android OS
Versions: Specific Android versions as detailed in December 2025 security bulletin
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vulnerable Android versions; requires local access or malicious app installation

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent denial of service on affected Android devices, requiring factory reset to recover functionality

🟠

Likely Case

Temporary service disruption on individual devices until reboot or system cleanup

🟢

If Mitigated

Minimal impact with proper patching and monitoring for resource exhaustion patterns

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with local device access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or malicious app; no user interaction needed but local execution required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level December 2025 or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-12-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install December 2025 security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict app installation

android

Prevent installation of untrusted applications that could exploit this vulnerability

Monitor resource usage

android

Monitor system resources for unusual exhaustion patterns

🧯 If You Can't Patch

  • Implement strict application vetting and only install apps from trusted sources
  • Monitor devices for unusual behavior or performance degradation indicating potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows December 2025 or later date

📡 Detection & Monitoring

Log Indicators:

  • Unusual resource exhaustion in system logs
  • Repeated InputMethodInfo service failures

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for system resource exhaustion events or InputMethodInfo service crashes in Android device logs

📊 Metadata

CVE ID: CVE-2025-48603
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-770
EPSS Score: 0.01% exploit probability (0.5th percentile)
Published: December 8, 2025
Last Updated: December 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-48603, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)