>[...] there is a possible way to launch activities from the background due to a permissions bypass.

https://www.cve.org/CVERecord?id=CVE-2025-48572

https://android.googlesource.com/platform/frameworks/base/+/...

https://android.googlesource.com/platform/frameworks/base/+/...

>"In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed."

https://www.cve.org/CVERecord?id=CVE-2025-48633

https://android.googlesource.com/platform/frameworks/base/+/...