ASB-A-283962634 — Vulnetix

ASB-A-283962634 PUBLISHED

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/providers/DownloadProvider	15-next:0, 12:0, 12
platform	frameworks/base	15-next:0, 15-next, 12:0

Timeline

Mar 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-03-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/a6321142ea43053ea8d0db516eede4c35c5dab18 patch
https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/b2cc552f8e1ed982e6662f64baa2cdbf1acaf777 patch

Open in Interactive Console →