CVE-2023-21237

Severity: Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 28 June 2023
Modified: 23 October 2025
KEV Added: 05 March 2024
Patch: available
CVSS Score (v3.1): 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0098 (77.2nd percentile)
Risk Priority: 32 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-21237 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Google Android. Its CVSS base score is 5.5 (Medium).

Operationally, it is ranked in the top 22.8% of CVEs by EPSS exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2023-21237 is a local information disclosure vulnerability in Android 13 that stems from misleading or insufficient UI handling in the applyRemoteView method of NotificationContentInflater.java, the SystemUI class that inflates a notification's RemoteViews for display. The flaw allows a foreground service notification to be hidden, which conceals the presence of an active service from the user. The issue carries a CVSS score of 5.5 and is tracked under Android ID A-251586912.

A local attacker with low privileges (an installed app) can exploit the weakness without user interaction or additional execution rights. By triggering the condition, a malicious app can suppress the persistent notification that Android requires every foreground service to display, so the user loses the only standing indicator that the app is still running in the background. The impact is classed as local information disclosure because the user is deprived of that required, user-visible signal, not because data flows to the attacker.

The June 2023 Pixel security bulletin addresses the flaw as part of the monthly Android update cycle. The vulnerability also appears in CISA's Known Exploited Vulnerabilities catalog (added 05 March 2024). Its EPSS score rose from a low baseline to a peak of 0.0718 on 2024-11-11 before receding, indicating that exploitation interest increased well after the initial disclosure.

Vulnerability details

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-251586912.

CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
KEV Date Added: 05 March 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: google · Product: android · Version: 13.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent: AC-4 (Information Flow Enforcement). Enforces correct information flow for foreground-service notifications so that the applyRemoteView path cannot suppress the required user-visible indicator.

prevent: AC-3 (Access Enforcement). Access-enforcement logic must restrict which processes are allowed to alter or hide security-relevant notifications such as those generated for foreground services.

detect: Continuous monitoring of notification-subsystem behavior can surface anomalous suppression of foreground-service indicators that would otherwise remain hidden.
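As an added example (not code from this page, the tracker, or AOSP), the detect control above and the attack path described under "Deeper analysis" can be approximated from the command line: cross-check `adb shell dumpsys activity services` against `adb shell dumpsys notification --noredact` and flag (a) any foreground service whose package has no posted notification record for its foregroundId, (b) any such record missing FLAG_FOREGROUND_SERVICE, and (c) any foreground-service notification that carries custom RemoteViews, since that is exactly the input the vulnerable applyRemoteView path inflates. The dump excerpts are constructed; the regexes assume the AOSP field names shown (`packageName=`, `isForeground=`, `foregroundId=`, `NotificationRecord(... pkg= ... id=`, `contentView=`, `flags=0x`) and should be re-checked against your build. One caveat: because CVE-2023-21237 hides the notification inside SystemUI's inflation, the NotificationManager record can still exist, so for this bug the custom-view heuristic (c) is the relevant signal and (a) and (b) catch other ways an app can end up running unannounced.

```python
import re

# Constructed sample modelled on `adb shell dumpsys activity services`.
# Real output carries many more fields; field names are assumptions from AOSP.
SERVICES_DUMP = """\
  * ServiceRecord{1a2b3c4 u0 com.example.benign/.SyncService}
    packageName=com.example.benign
    isForeground=true foregroundId=7 foregroundNoti=Notification(channel=sync pri=0 contentView=null flags=0x40)
  * ServiceRecord{5d6e7f8 u0 com.example.suspect/.CaptureService}
    packageName=com.example.suspect
    isForeground=true foregroundId=1 foregroundNoti=Notification(channel=bg pri=0 contentView=com.example.suspect/0x7f0a0042 flags=0x40)
  * ServiceRecord{9a8b7c6 u0 com.example.ghost/.HiddenService}
    packageName=com.example.ghost
    isForeground=true foregroundId=3 foregroundNoti=Notification(channel=x pri=0 contentView=null flags=0x40)
  * ServiceRecord{0f1e2d3 u0 com.example.other/.BoundService}
    packageName=com.example.other
    isForeground=false foregroundId=0 foregroundNoti=null
"""

# Constructed sample modelled on `adb shell dumpsys notification --noredact`
# (NotificationRecord header line, which embeds Notification.toString()).
NOTIFICATION_DUMP = """\
  NotificationRecord(0x5c1 : pkg=com.example.benign user=UserHandle{0} id=7 tag=null key=0|com.example.benign|7|null|10201: Notification(channel=sync shortcut=null contentView=null vibrate=null sound=null defaults=0x0 flags=0x40 color=0x00000000 vis=PRIVATE))
  NotificationRecord(0x5c2 : pkg=com.example.suspect user=UserHandle{0} id=1 tag=null key=0|com.example.suspect|1|null|10202: Notification(channel=bg shortcut=null contentView=com.example.suspect/0x7f0a0042 vibrate=null sound=null defaults=0x0 flags=0x40 color=0x00000000 vis=PRIVATE))
  NotificationRecord(0x5c3 : pkg=com.example.other user=UserHandle{0} id=9 tag=null key=0|com.example.other|9|null|10203: Notification(channel=chat shortcut=null contentView=null vibrate=null sound=null defaults=0x0 flags=0x0 color=0x00000000 vis=PRIVATE))
"""

FLAG_FOREGROUND_SERVICE = 0x40  # android.app.Notification.FLAG_FOREGROUND_SERVICE

_NOTIF_RE = re.compile(
    r"NotificationRecord\(.*?pkg=(\S+).*?\bid=(\d+).*?contentView=(\S+).*?flags=0x([0-9a-fA-F]+)"
)


def parse_foreground_services(dump):
    """Map package -> [foregroundId, ...] for every ServiceRecord with isForeground=true."""
    fgs = {}
    pkg = None
    for line in dump.splitlines():
        m = re.search(r"packageName=(\S+)", line)
        if m:
            pkg = m.group(1)  # remember the package for the following ServiceRecord lines
            continue
        m = re.search(r"isForeground=true foregroundId=(\d+)", line)
        if m and pkg:
            fgs.setdefault(pkg, []).append(int(m.group(1)))
    return fgs


def parse_notifications(dump):
    """Extract (pkg, id, flags, custom RemoteViews?) from each NotificationRecord line."""
    recs = []
    for line in dump.splitlines():
        m = _NOTIF_RE.search(line)
        if m:
            recs.append({
                "pkg": m.group(1),
                "id": int(m.group(2)),
                "custom_view": m.group(3) != "null",   # contentView=<pkg>/0x<layout> means custom RemoteViews
                "flags": int(m.group(4), 16),
            })
    return recs


def audit(services_dump, notification_dump):
    """Return [(pkg, foregroundId, reason)] for foreground services that deserve a look."""
    fgs = parse_foreground_services(services_dump)
    posted = {(r["pkg"], r["id"]): r for r in parse_notifications(notification_dump)}
    findings = []
    for pkg, ids in sorted(fgs.items()):
        for nid in ids:
            rec = posted.get((pkg, nid))
            if rec is None:
                findings.append((pkg, nid, "foreground service with no posted notification record"))
            elif not rec["flags"] & FLAG_FOREGROUND_SERVICE:
                findings.append((pkg, nid, "notification record lacks FLAG_FOREGROUND_SERVICE"))
            elif rec["custom_view"]:
                findings.append((pkg, nid, "FGS notification uses custom RemoteViews (inflated by applyRemoteView)"))
    return findings


if __name__ == "__main__":
    # On a device: pipe the two dumpsys outputs in instead of the constructed samples.
    for pkg, nid, reason in audit(SERVICES_DUMP, NOTIFICATION_DUMP):
        print(f"{pkg} (foregroundId={nid}): {reason}")
```

On the constructed input this reports com.example.ghost (foreground service, no record) and com.example.suspect (custom RemoteViews on its foreground-service notification); com.example.benign is silent because its record exists, carries the flag, and uses the stock template. Run it periodically from a management host over adb, or adapt the regexes for a bugreport, to get the anomalous-suppression signal the detect control asks for.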
