CVE-2025-48554

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
google_androidCNA
---
---
CISA-ADPADP
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
googleandroid
13.0
googleandroid
14.0
googleandroid
15.0
googleandroid
16.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://android.googlesource.com/platform/frameworks/base/+/660c7075dc00d23a47f8b2018d62c66b8e27c450
https://source.android.com/security/bulletin/2025-09-01