VDB
CISA-2025-48538
CISA-2025-48538
PUBLISHED
CVSS 5.5 MEDIUM
Reported by google_android · Published September 4, 2025
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 16, 15, 14 | |
| Android | 16, 15, 14 |
Timeline
- Sep 4, 2025 CVE Published
- Sep 4, 2025 CVE Updated