ASB-A-310632322 — Vulnetix

ASB-A-310632322 PUBLISHED

In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	15-next:0, 15-next, 15:0

Timeline

May 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-05-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/475f9914f71641f0eedc4a8412cf48f49290a60c patch
https://android.googlesource.com/platform/frameworks/base/+/99aae825ded253fe58695ceb853f2f631137f1c4 patch

Open in Interactive Console →