CVE-2024-43765

High

Published: 21 January 2025

Modified: 22 April 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (15.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-43765 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-43765 is a vulnerability affecting Android that enables access to a folder through a tapjacking/overlay attack in multiple locations. This flaw could result in local escalation of privilege, requiring user execution privileges. It is rated with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-276 (Incorrect Default Permissions). The vulnerability was published on 2025-01-21.

A local attacker with low privileges (PR:L) can exploit this issue with low attack complexity to achieve local escalation of privilege. Although the CVSS vector specifies no user interaction (UI:N), the description notes that user interaction is needed for exploitation. Successful exploitation has a high impact on confidentiality, integrity, and availability.

The Android security bulletin at https://source.android.com/security/bulletin/2025-01-01 details patches and mitigation measures for this vulnerability.

Vulnerability details

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via exploitation of incorrect default permissions (CWE-276) using overlay/tapjacking.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49737 (Same product: Google Android)
CVE-2024-53841 (Same product: Google Android)
CVE-2024-34730 (Same product: Google Android)
CVE-2024-49735 (Same product: Google Android)
CVE-2024-49732 (Same product: Google Android)
CVE-2024-53835 (Same product: Google Android)
CVE-2024-43769 (Same product: Google Android)
CVE-2024-53840 (Same product: Google Android)
CVE-2024-49744 (Same product: Google Android)
CVE-2018-9434 (Same product: Google Android)

Affected Assets

Vendor: google
Product: android
Versions: 12.0, 12.1, 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the Android-specific tapjacking vulnerability enabling folder access and local privilege escalation through timely patching as detailed in the security bulletin.

prevent

Enforces approved authorizations for access to the vulnerable folder, directly countering the incorrect default permissions (CWE-276) exploited via overlay attacks.

prevent

Limits the impact of local privilege escalation by ensuring only minimal privileges are granted to processes, reducing damage from successful folder access.
