Cyber Resilience

CVE-2025-48582

High

Published: 02 March 2026
Modified: 06 March 2026
KEV Added: not listed in CISA KEV
Patch: Android Security Bulletin, March 2026
CVSS v3.1: 8.4 (High) CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.0011 (1.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-48582 is a high-severity Link Following (CWE-59) vulnerability in Google Android. Its CVSS base score is 8.4 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score of 0.0011 ranks it at the 1.4th percentile for exploit likelihood, well below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-48582 is an Android vulnerability in which, in multiple locations, an intent redirect lets an attacker delete media without holding the MANAGE_EXTERNAL_STORAGE permission. The pattern is a confused deputy: a component that does hold the permission accepts an attacker-supplied Intent and starts it, so the deletion runs under the deputy's identity rather than the caller's. The result is local escalation of privilege that needs no additional execution privileges and no user interaction. It is classified under CWE-59 (Improper Link Resolution Before File Access) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A local attacker (an installed app with no special permissions) can exploit the issue with low attack complexity, no privileges and no user interaction. The vector rates confidentiality, integrity and availability impact as High; the effect the bulletin text itself describes is unauthorized deletion of media, an integrity and availability loss, with the privilege escalation as the broader consequence.

The Android Security Bulletin for March 2026 (https://source.android.com/docs/security/bulletin/2026/2026-03-01) contains the patch and mitigation details; the affected versions listed on this page are Android 14, 15 and 16.

Vulnerability details

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE explicitly describes a local privilege escalation vulnerability allowing unauthorized file deletion and impact without privileges or interaction, directly matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-48646 (same product: Google Android)
CVE-2024-43077 (same product: Google Android)
CVE-2026-0106 (same product: Google Android)
CVE-2024-53840 (same product: Google Android)
CVE-2025-48574 (same product: Google Android)
CVE-2024-49732 (same product: Google Android)
CVE-2025-48619 (same product: Google Android)
CVE-2024-49742 (same product: Google Android)
CVE-2026-0035 (same product: Google Android)
CVE-2024-11624 (same product: Google Android)

Affected Assets

Google Android 14.0, 15.0, 16.0

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Validates intent inputs before they are acted on, so a forwarded Intent cannot reach a media-deleting component under the forwarding component's identity; this addresses the improper link resolution classified here as CWE-59.

AC-3 Access Enforcement (prevent)
Enforces the access control policy so that media deletion requires the MANAGE_EXTERNAL_STORAGE permission at the point of deletion, regardless of the path by which the request arrived.

Process privilege limitation (prevent)
Limits process privileges to minimize the impact of a local privilege escalation through an intent redirect.
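As an added illustration of the bug class named in the bulletin text above (an intent redirect that lets a caller reach a media-deleting component under the forwarding app's identity) and of the SI-10 and AC-3 controls listed here, the following is a hypothetical Android app written in Java. This is editor-written example code, not Android's affected code, which this page does not show; the package name, the class names, the EXTRA_NEXT key and the content URI in the comment are assumptions. The commented-out startActivity(next) call is the vulnerable form; isSafeToForward() is the hardened form.

```java
package com.example.mediagate; // hypothetical package, not an Android system component

import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.ActivityInfo;
import android.content.pm.PackageManager;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;

/**
 * Exported entry point (android:exported="true" in the manifest). It accepts a nested
 * Intent from any caller and starts it. The vulnerable form forwards it unchanged, so the
 * nested Intent runs with THIS app's identity and permissions, not the caller's.
 */
public class ForwardingActivity extends Activity {
    private static final String TAG = "ForwardingActivity";
    /** Hypothetical extra key; the real affected code is not shown on this page. */
    static final String EXTRA_NEXT = "com.example.mediagate.extra.NEXT";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent next = getIntent().getParcelableExtra(EXTRA_NEXT);
        if (next == null) {
            finish();
            return;
        }

        // VULNERABLE (intent redirection): the caller chooses the target, we supply the
        // identity. A zero-permission app can point `next` at DeleteMediaActivity below,
        // or at any other non-exported component, and have it run as us.
        //   startActivity(next);

        // HARDENED (SI-10 style validation of the intent): forward only what the caller
        // could have started directly.
        if (isSafeToForward(next)) {
            startActivity(next);
        } else {
            Log.w(TAG, "Refusing to redirect intent to " + next.getComponent());
        }
        finish();
    }

    /** True only if forwarding `next` grants the caller nothing it did not already have. */
    boolean isSafeToForward(Intent next) {
        // 1. Never pass on our URI grants (e.g. to our own content providers).
        final int grantFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
        if ((next.getFlags() & grantFlags) != 0) {
            return false;
        }
        // 2. Resolve the target as the system would, then refuse anything in our own
        //    package that the manifest does not export. exported="false" protects a
        //    component only against direct callers; a redirect through us bypasses it.
        ComponentName target = next.resolveActivity(getPackageManager());
        if (target == null) {
            return false;
        }
        if (getPackageName().equals(target.getPackageName())) {
            try {
                ActivityInfo info = getPackageManager().getActivityInfo(target, 0);
                if (!info.exported) {
                    return false;
                }
            } catch (PackageManager.NameNotFoundException e) {
                return false;
            }
        }
        return true;
    }
}

/**
 * The deputy the redirect reaches: android:exported="false", living in an app that holds
 * MANAGE_EXTERNAL_STORAGE. Deleting a MediaStore item another app created needs that
 * permission (or a user-approved MediaStore.createDeleteRequest() on Android 11+), so a
 * caller that can route an Intent here deletes media it has no permission to touch.
 */
class DeleteMediaActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Uri item = getIntent().getData(); // e.g. content://media/external/images/media/42
        if (item != null) {
            // The original caller's identity is gone here: the Intent was started by
            // ForwardingActivity, so this component cannot enforce AC-3 against the real
            // caller. That is why the check has to sit at the forwarding point above.
            getContentResolver().delete(item, null, null);
        }
        finish();
    }
}
```

The design point is where the check lives. Once an Intent has been re-started by the deputy, the platform attributes it to the deputy, so a permission or caller-identity check inside DeleteMediaActivity sees the trusted app, not the attacker. Validation of the nested Intent at the forwarding component is therefore the control that actually prevents the bypass; not exporting the target only blocks callers who do not have a redirect available.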

References

Android Security Bulletin, March 2026: https://source.android.com/docs/security/bulletin/2026/2026-03-01