CVE-2025-48544

high

Description

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2025-09-01

https://source.android.com/docs/security/bulletin/2026/2026-03-01

https://android.googlesource.com/platform/packages/providers/MediaProvider/+/c34a7f642548130e95dc374035d5a3564d30599f

Details

Source: Mitre, NVD

Published: 2025-09-04

Updated: 2026-03-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00006