VDB

CESS-2025-32328

CESS-2025-32328 PUBLISHED CVSS 7.8 HIGH

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

  • Dec 8, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›