CVE-2025-48594

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
google_androidCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
googleandroid
14.0
googleandroid
15.0
googleandroid
16.0
𝑥
= Vulnerable software versions
References
https://android.googlesource.com/platform/frameworks/base/+/ea2bcc66534263fac4c337f1a5149704c2262169
https://source.android.com/security/bulletin/2025-12-01