VDB

CISA-2025-48591

CISA-2025-48591 PUBLISHED CVSS 5.5 MEDIUM

Reported by google_android · Published December 8, 2025

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
GoogleAndroid15, 14, 13
GoogleAndroid15, 14, 13

Timeline

  • Dec 8, 2025 CVE Published
  • Dec 17, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›