CVE-2025-48582
Published: 02 March 2026
Summary
CVE-2025-48582 is a high-severity Link Following (CWE-59) vulnerability in Google Android. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-48582 is a vulnerability in Android that allows attackers to delete media files without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect in multiple locations. This issue enables local escalation of privilege and requires no additional execution privileges or user interaction for exploitation. It is classified under CWE-59 (Improper Link Resolution Before File Access) with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A local attacker can exploit this vulnerability with low attack complexity and no privileges or user interaction required. Successful exploitation leads to high-impact confidentiality, integrity, and availability violations, allowing the attacker to delete media and escalate privileges on the affected device.
The Android security bulletin published on March 1, 2026, at https://source.android.com/docs/security/bulletin/2026/2026-03-01 details patches and mitigation measures for this vulnerability.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208204
Vulnerability details
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
more
exploitation.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE explicitly describes a local privilege escalation vulnerability allowing unauthorized file deletion and impact without privileges or interaction, directly matching Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Validates intent inputs to prevent improper link resolution before file access, directly mitigating the CWE-59 vulnerability enabling unauthorized media deletion.
Enforces access control policies to require MANAGE_EXTERNAL_STORAGE permission for media deletion operations triggered by intent redirects.
Limits process privileges to minimize the impact of local privilege escalation from intent redirect exploitation.