ASB-A-404254549 — Vulnetix

ASB-A-404254549 PUBLISHED

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/opt/telephony	16-qpr2-next:0, 16-qpr2-next, 15:0

Timeline

Dec 1, 2025 CVE Published
May 8, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-12-01 advisory
https://android.googlesource.com/platform/frameworks/opt/telephony/+/fee68bcdcf029e8f40980616d09367610544bc62 patch

Open in Interactive Console →