CVE-2025-4731918.12.2025, 06:15Information disclosure while exposing internal TA-to-TA communication APIs to HLOSEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.7 MEDIUMLOCALLOWHIGHCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:NqualcommCNA6.7 MEDIUMLOCALLOWHIGHCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:NCISA-ADPADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 1%Common Weakness EnumerationCWE-497 - Exposure of Sensitive System Information to an Unauthorized Control SphereThe application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.Vulnerability Media Exposure[GERMAN] Android Patchday Dezember 2025: Mehrere SchwachstellenEin Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um sich erweiterte Berechtigungen zu verschaffen, einen Denial-of-Service-Zustand auszulösen, vertrauliche Informationen offenzulegen oder andere nicht näher spezifizierte Angriffe durchzuführen.Published: 2025-12-01T23:00:00+00:00Referenceshttps://docs.qualcomm.com/product/publicresources/securitybulletin/december-2025-bulletin.html