CVE-2025-48543
Published: 04 September 2025
Summary
CVE-2025-48543 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 45.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
- Directly mandates timely remediation of known flaws like this use-after-free vulnerability through patching as specified in the Android Security Bulletin.
- Implements memory protection mechanisms that defend against use-after-free exploits by preventing unauthorized memory access and code execution.
- Enforces process isolation to strengthen sandbox boundaries, mitigating escapes from Chrome sandbox to system_server.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Use-after-free in ART enables local privilege escalation via Chrome sandbox escape to compromise system_server.
NVD Description
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Deeper analysis (AI)
CVE-2025-48543 is a use-after-free vulnerability (CWE-416) present in multiple locations within the Android Open Source Project's ART (Android Runtime) component. It enables escaping the Chrome sandbox to target the Android system_server, affecting Android devices. The vulnerability was published on 2025-09-04 and carries a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
A local attacker with low privileges can exploit this issue without requiring user interaction or additional execution privileges. Exploitation allows escalation of privilege by leveraging the use-after-free to break out of the Chrome sandbox and compromise the system_server, resulting in high impacts to confidentiality, integrity, and availability across the system scope.
The Android Security Bulletin for 2025-09-01 addresses this vulnerability with a patch applied in the commit at https://android.googlesource.com/platform/art/+/444fc40dfb04d2ec5f74c443ed3a4dd45d3131f2. Security practitioners should ensure Android devices receive the latest monthly security updates to mitigate exposure.
This CVE appears in the CISA Known Exploited Vulnerabilities Catalog, signaling active real-world exploitation.
Details
- CWE(s): CWE-416
- KEV Date Added: 04 September 2025