VDB

CESS-2025-22427

CESS-2025-22427 PUBLISHED CVSS 7.3 HIGH

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Risk Scores

CVSS 3.1
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Timeline

  • Sep 2, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›