Cyber Resilience

CVE-2025-48577

High

Published: 02 March 2026

Published
02 March 2026
Modified
06 March 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0000 0.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-48577 is a high-severity Race Condition (CWE-362) vulnerability in Google Android. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-11 (Device Lock) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-48577 is a vulnerability affecting multiple functions in KeyguardViewMediator.java within Android, where a race condition (CWE-362) enables a possible lockscreen bypass. This flaw could result in local escalation of privilege without needing additional execution privileges or user interaction. The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-02T19:16:26.207.

A local attacker with no privileges (PR:N) can exploit this issue by leveraging the race condition to bypass the lockscreen, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation requires local access (AV:L) and high attack complexity (AC:H), but no user interaction (UI:N) is necessary.

The Android security bulletin at https://source.android.com/docs/security/bulletin/2026/2026-03-01 details mitigation, including patches for affected versions.

EU & UK References

Vulnerability details

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Race condition enables unauthenticated local privilege escalation via lockscreen bypass, directly matching exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-48568Same product: Google Android
CVE-2024-34732Same product: Google Android
CVE-2026-0112Same product: Google Android
CVE-2024-56192Same product: Google Android
CVE-2025-48602Same product: Google Android
CVE-2026-0124Same product: Google Android
CVE-2024-49738Same product: Google Android
CVE-2024-40651Same product: Google Android
CVE-2026-0023Same product: Google Android
CVE-2025-48574Same product: Google Android

Affected Assets

google
android
14.0, 15.0, 16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces the lockscreen access control policy that the race condition in KeyguardViewMediator.java is designed to bypass.

prevent

Implements device lock behavior whose functions are subverted by the race condition allowing lockscreen bypass.

prevent

Requires a tamper-proof reference monitor to mediate all access attempts, mitigating the impact of the race condition on lock enforcement.

References