CVE-2025-48534

In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
google_androidCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Vulnerability Media Exposure
References
https://android.googlesource.com/platform/packages/modules/CellBroadcastService/+/584cec4f17eab96ac44bce4e1bce8d6a2c59cd75
https://source.android.com/security/bulletin/2025-09-01