alt Hacker NewsI'm really struggling to find any concrete information about what this vulnerability actually is. Does anyone know where to look for a good summary?
Replies
>[...] there is a possible way to launch activities from the background due to a permissions bypass.
https://www.cve.org/CVERecord?id=CVE-2025-48572
https://android.googlesource.com/platform/frameworks/base/+/...
https://android.googlesource.com/platform/frameworks/base/+/...
>"In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed."
https://www.cve.org/CVERecord?id=CVE-2025-48633
https://android.googlesource.com/platform/frameworks/base/+/...
[dead]
Search CVE numbers.
https://www.cve.org/CVERecord?id=CVE-2025-48633
Basically, just like most things these days, its all just local privilege escalation. This means that you have to install/run an app that has these exploits built in.
Soif you usage profile doesn't include downloading apps from untrusted sources, you don't need to worry.