CVE-2025-48572
Published: 08 December 2025
Summary
CVE-2025-48572 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Google Android. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 42.8th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-3 mandates enforcement of approved authorizations for access to system resources, directly preventing the permissions bypass that enables unauthorized background activity launches leading to privilege escalation.
SI-2 requires identification, reporting, and correction of system flaws like CVE-2025-48572, preventing exploitation by applying the available patch from the Android Security Bulletin.
AC-6 enforces least privilege for accounts and functions, limiting the damage potential from low-privilege local attackers exploiting the vulnerability for escalation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a permissions bypass enabling local escalation of privilege without user interaction, directly facilitating T1068: Exploitation for Privilege Escalation.
NVD Description
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Deeper analysisAI
CVE-2025-48572 is a permissions bypass vulnerability present in multiple locations within the Android Open Source Project's platform/frameworks/base component. It enables the launch of activities from the background, which could result in local escalation of privilege without needing additional execution privileges or user interaction. The vulnerability is associated with CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges (PR:L) can exploit this issue due to its low attack complexity (AC:L) and lack of required user interaction (UI:N). Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), facilitating privilege escalation on the affected Android device.
The Android Security Bulletin dated 2025-12-01 addresses this vulnerability, with a corresponding patch available in the commit at android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192. It is also listed in the CISA Known Exploited Vulnerabilities Catalog.
This CVE's inclusion in the CISA KEV catalog indicates real-world exploitation has occurred.
Details
- CWE(s)
- KEV Date Added
- 02 December 2025