CVE-2025-48561 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
google_android	CNA	---				---
CISA-ADP	ADP	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vendor	Product	Version
google	android	13.0
google	android	14.0
google	android	15.0
google	android	16.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Vulnerability Media Exposure

[ENGLISH] New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users' knowledge pixel-by-pixel. The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of
Published: 2025-10-14T16:48:00+05:30
[GERMAN] 2FA-Codes und mehr: GPU-Angriff ermöglicht gefährliche Spionage unter Android
Alles, was auf dem Display eines Android-Gerätes sichtbar ist, lässt sich ausleiten. Die Angreifer-App braucht keine speziellen Berechtigungen. ( Sicherheitslücke , Google )
Published: 2025-10-15T13:10:09+02:00

References

https://android.googlesource.com/platform/frameworks/native/+/20465375a1d0cb71cdb891235a9f8a3fba31dbf6

https://source.android.com/security/bulletin/2025-09-01