Cyber Resilience

CVE-2025-48645

HighLPE

Published: 02 March 2026

Published
02 March 2026
Modified
06 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0019 9.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-48645 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-48645 is a vulnerability in the loadDescription function of DeviceAdminInfo.java within the Android platform, stemming from improper input validation that enables a possible persistent package. Published on 2026-03-02, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management) alongside NVD-CWE-noinfo.

A local attacker with low privileges can exploit this vulnerability without requiring user interaction or additional execution privileges. Successful exploitation leads to local escalation of privilege, granting high-impact confidentiality, integrity, and availability compromises on the affected device.

The Android security bulletin at https://source.android.com/docs/security/bulletin/2026/2026-03-01 details mitigation measures and patches for this issue.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via improper input validation directly matches Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-49742Same product: Google Android
CVE-2018-9375Same product: Google Android
CVE-2026-0023Same product: Google Android
CVE-2026-0029Same product: Google Android
CVE-2025-48613Same product: Google Android
CVE-2026-0032Same product: Google Android
CVE-2025-48646Same product: Google Android
CVE-2024-43077Same product: Google Android
CVE-2026-0106Same product: Google Android
CVE-2024-53840Same product: Google Android

Affected Assets

google
android
14.0, 15.0, 16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation in loadDescription of DeviceAdminInfo.java that enables persistent package creation and local privilege escalation.

prevent

Enforces least privilege to mitigate the impact of privilege escalation resulting from the input validation flaw tied to CWE-269 Improper Privilege Management.

prevent

Requires enforcement of access control policies to counter unauthorized privilege escalation via the persistent package vulnerability.

References