CVE-2025-48572
Published: 08 December 2025
Summary
CVE-2025-48572 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Google Android. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 43.0th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-48572 is a permissions bypass vulnerability present in multiple locations within the Android Open Source Project's platform/frameworks/base component. It enables the launch of activities from the background, which could result in local escalation of privilege without needing additional execution privileges or user interaction. The vulnerability is associated with CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges (PR:L) can exploit this issue due to its low attack complexity (AC:L) and lack of required user interaction (UI:N). Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), facilitating privilege escalation on the affected Android device.
The Android Security Bulletin dated 2025-12-01 addresses this vulnerability, with a corresponding patch available in the commit at android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192. It is also listed in the CISA Known Exploited Vulnerabilities Catalog.
This CVE's inclusion in the CISA KEV catalog indicates real-world exploitation has occurred.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-201776
Vulnerability details
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE(s)
- KEV Date Added
- 02 December 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a permissions bypass enabling local escalation of privilege without user interaction, directly facilitating T1068: Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
AC-3 mandates enforcement of approved authorizations for access to system resources, directly preventing the permissions bypass that enables unauthorized background activity launches leading to privilege escalation.
SI-2 requires identification, reporting, and correction of system flaws like CVE-2025-48572, preventing exploitation by applying the available patch from the Android Security Bulletin.
AC-6 enforces least privilege for accounts and functions, limiting the damage potential from low-privilege local attackers exploiting the vulnerability for escalation.