TROYANOSYVIRUS
Retour aux CVEs

CVE-2025-48633

MEDIUMCISA KEV
5.5

Description

In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Details CVE

Score CVSS v3.15.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie12/8/2025
Derniere modification12/10/2025
Sourcekev
Observations honeypot0

CISA KEV

FournisseurAndroid
ProduitFramework
Nom vulnerabiliteAndroid Framework Information Disclosure Vulnerability
Date ajout KEV2025-12-02
Date limite remediation2025-12-23
Utilise dans ransomwareUnknown

Produits affectes

google:android

References

https://android.googlesource.com/platform/frameworks/base/+/d00bcda9f42dcf272d329e9bf9298f32af732f93(security@android.com)
https://source.android.com/security/bulletin/2025-12-01(security@android.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48633(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.