CVE-2025-48604
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in Android's MMS service that allows unauthorized file access across user boundaries. An attacker with local access can read files from other users without requiring any permissions or user interaction. This affects Android devices with vulnerable MMS service implementations.
💻 Affected Systems
- Android MMS Service
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of user data isolation, allowing attackers to read sensitive files (contacts, messages, documents) from other user accounts on the same device.
Likely Case
Limited information disclosure where attackers can access some files from other users, potentially exposing personal data or configuration files.
If Mitigated
No impact once the Android security update is applied, or on devices where multi-user isolation is correctly implemented.
🎯 Exploit Status
Exploitation requires local access to the device but no special permissions. The vulnerability is in the permission check logic of the MMS service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: December 2025 Android Security Patch or later
Vendor Advisory: https://source.android.com/security/bulletin/2025-12-01
Restart Required: Yes
Instructions:
1. Check for Android system updates in Settings > System > System update.
2. Install the December 2025 security patch or later.
3. Reboot the device after installation completes.
🔧 Temporary Workarounds
Disable MMS Service
Temporarily disable the vulnerable MMS service component to prevent exploitation:
adb shell pm disable-user --user 0 com.android.mms.service
Restrict Multi-User Mode
Disable multiple user accounts on the device to reduce the attack surface.
🧯 If You Can't Patch
- Implement strict physical security controls for devices
- Use mobile device management (MDM) to enforce security policies and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check the Android security patch level in Settings > About phone > Android version. If the patch level is earlier than December 2025, the device is vulnerable.
Check Version:
adb shell getprop ro.build.version.security_patch
Verify Fix Applied:
Verify that the security patch level shows December 2025 or later. Test MMS functionality to confirm the service still works after the patch.
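A scripted version of the patch-level check above, added here as an example (it is not part of the advisory): it parses the value of `ro.build.version.security_patch` and compares it against the December 2025 patch level. The cutoff date 2025-12-01 is taken from the bulletin URL above; the function names and the adb wrapper are this example's own, and only `device_patch_level()` touches a real device.

```python
"""Check an Android device's security patch level against the December 2025
patch that fixes CVE-2025-48604 (added example, not from the advisory).
The fixed level assumed here is 2025-12-01, taken from the bulletin URL."""
import re
import subprocess
from datetime import date
from typing import Optional

# Patch level at which the fix ships, per the advisory (December 2025).
FIXED_PATCH_LEVEL = date(2025, 12, 1)

# ro.build.version.security_patch is formatted YYYY-MM-DD.
PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_patch_level(raw: str) -> date:
    """Parse the getprop output into a date.

    adb output carries a trailing CR/LF, so strip it first. Raises
    ValueError for anything that is not a well-formed date string, so an
    empty or odd value is never silently treated as 'patched'.
    """
    m = PATCH_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised security patch level: {raw!r}")
    year, month, day = (int(g) for g in m.groups())
    return date(year, month, day)


def is_vulnerable(raw_patch_level: str) -> bool:
    """True when the device's patch level predates the fixed level."""
    return parse_patch_level(raw_patch_level) < FIXED_PATCH_LEVEL


def device_patch_level(serial: Optional[str] = None) -> str:
    """Run the advisory's getprop command over adb and return its output.

    `serial` selects a device when several are attached (adb -s <serial>).
    """
    cmd = ["adb"]
    if serial:
        cmd += ["-s", serial]
    cmd += ["shell", "getprop", "ro.build.version.security_patch"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    level = device_patch_level()
    verdict = "VULNERABLE" if is_vulnerable(level) else "patched"
    print(f"security patch level {level.strip()}: {verdict} (CVE-2025-48604)")
```

Run it with a device attached over adb; `is_vulnerable()` can also be fed a value collected elsewhere (an MDM inventory export, for instance) without any device access.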
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in MMS service logs
- Permission denial errors followed by successful file access
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="android_logs" AND process="com.android.mms.service" AND (event="File access" OR event="Permission check")
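The "permission denial followed by successful file access" indicator from the log-indicator list, run over constructed logcat lines as an added example (not part of the advisory). The logcat line layout, the `MmsService` tag, the message wording and the five-second pairing window are all assumptions made for this example; a real deployment would match on the message strings the device actually emits and would normally run inside the SIEM alongside the query above.

```python
"""Pair a permission-denial log line with a later successful file access
from the same MMS-service process (added example, not from the advisory).
The logcat 'threadtime' layout, tag name, messages and sample lines are
all constructed for this example."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

MMS_TAG = "MmsService"     # assumed log tag for com.android.mms.service
WINDOW_SECONDS = 5.0       # assumed: max gap between denial and access

# logcat threadtime layout: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<pid>\d+)\s+\d+\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]+):\s*(?P<msg>.*)$"
)
DENIAL_RE = re.compile(r"Permission Denial", re.IGNORECASE)
# Successful read of a per-user data path (/data/user/<userId>/...).
SUCCESS_RE = re.compile(r"\b(?:opened|read) (?P<path>/data/user/\d+/\S+)")


@dataclass
class Alert:
    pid: str
    path: str
    denial: str
    access: str


def parse_ts(ts: str) -> datetime:
    # logcat omits the year; any fixed year works for interval arithmetic
    return datetime.strptime("2025-" + ts, "%Y-%m-%d %H:%M:%S.%f")


def find_denial_then_access(lines: List[str]) -> List[Alert]:
    """Return one Alert per denial that is followed, within the window and
    from the same PID, by a successful per-user file access.

    State is kept per PID so a denial from one process never pairs with an
    access from another, and a denial is consumed once it has been paired.
    """
    last_denial: Dict[str, Tuple[datetime, str]] = {}
    alerts: List[Alert] = []
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m or m.group("tag").strip() != MMS_TAG:
            continue
        pid, ts, msg = m.group("pid"), parse_ts(m.group("ts")), m.group("msg")
        if DENIAL_RE.search(msg):
            last_denial[pid] = (ts, raw)
            continue
        s = SUCCESS_RE.search(msg)
        if s and pid in last_denial:
            d_ts, d_raw = last_denial[pid]
            if 0 <= (ts - d_ts).total_seconds() <= WINDOW_SECONDS:
                alerts.append(Alert(pid, s.group("path"), d_raw, raw))
                del last_denial[pid]
    return alerts


# Constructed sample: one true positive, one access with no nearby denial,
# one access too long after its denial, and one line from another tag.
SAMPLE_LOGCAT = [
    "12-03 10:15:01.004  2210  2210 W MmsService: Permission Denial: read /data/user/10/0/files/notes.txt denied",
    "12-03 10:15:01.120  2210  2210 I MmsService: opened /data/user/10/0/files/notes.txt for read",
    "12-03 10:15:09.500  2210  2210 I MmsService: opened /data/user/0/0/files/outbox.db for read",
    "12-03 10:16:00.000  3305  3305 W MmsService: Permission Denial: read /data/user/10/0/files/contacts.vcf denied",
    "12-03 10:16:30.000  3305  3305 I MmsService: opened /data/user/10/0/files/contacts.vcf for read",
    "12-03 10:16:31.000  4400  4400 I OtherApp: opened /data/user/10/0/files/ignored.txt for read",
]

if __name__ == "__main__":
    for a in find_denial_then_access(SAMPLE_LOGCAT):
        print(f"pid {a.pid} read {a.path} shortly after a denial:\n  {a.denial}\n  {a.access}")
```

The per-PID pairing is what keeps the rule from firing on ordinary multi-user activity: a denial and an access from different processes, or separated by more than the window, are not correlated.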