VDB
CISA-2025-48529
CISA-2025-48529
PUBLISHED
CVSS 5.5 MEDIUM
Reported by google_android · Published September 4, 2025
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 16, 15, 14 | |
| Android | 16, 14, 13 |
Timeline
- Sep 4, 2025 CVE Published
- Sep 4, 2025 CVE Updated