Cyber Resilience

CVE-2025-48636

High

Published: 02 March 2026

Published
02 March 2026
Modified
06 March 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.3th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-48636 is a high-severity Path Traversal (CWE-22) vulnerability in Google Android. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 1.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-48636 is a path traversal vulnerability (CWE-22) in the openFile method of BugreportContentProvider.java within Android Wear OS. Published on 2026-03-02, it enables unauthorized reading and writing of files, potentially leading to local escalation of privilege. No additional execution privileges or user interaction are required for exploitation, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A local attacker can exploit this vulnerability due to its low attack complexity and lack of privilege requirements. By leveraging the path traversal flaw, the attacker gains the ability to read sensitive files and overwrite arbitrary ones, resulting in full local privilege escalation and high impacts on confidentiality, integrity, and availability.

The Android Wear OS security bulletin dated 2026-03-01 details patches and mitigation guidance at https://source.android.com/docs/security/bulletin/wear/2026/2026-03-01.

EU & UK References

Vulnerability details

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…

more

for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Path traversal enables direct local file read access (T1005) and results in privilege escalation without additional requirements (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-48567Same product: Google Android
CVE-2025-48602Same product: Google Android
CVE-2024-40651Same product: Google Android
CVE-2024-31328Same product: Google Android
CVE-2025-48645Same product: Google Android
CVE-2024-53841Same product: Google Android
CVE-2024-56191Same product: Google Android
CVE-2024-49745Same product: Google Android
CVE-2025-48613Same product: Google Android
CVE-2025-48650Same product: Google Android

Affected Assets

google
android
16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the path traversal vulnerability by requiring validation of file path inputs to the openFile method, preventing unauthorized file access.

prevent

Enforces strict access controls in the BugreportContentProvider to block unauthorized reading and writing of files outside intended directories.

prevent

Applies least privilege to limit the impact of local privilege escalation achieved through the path traversal exploit.

References