PT-2025-36080 · Google · Android

Published 2025-09-01 · Updated 2025-10-14 · CVE-2025-48561

CVSS v3.1: 5.5
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Android versions 13 through 16

Description

A side channel information disclosure issue exists in the Android Framework. This issue allows an attacker to potentially reveal sensitive information displayed on the screen. The attack, named Pixnapping, can be used to steal two-factor authentication (2FA) codes, Google Maps timelines, and other confidential data without user interaction. The attack leverages Android APIs and a hardware side channel, specifically the GPU, to extract pixel data from other applications. It utilizes the GPU's compression function and window blurring API to capture and reconstruct displayed information. The vulnerability allows a malicious application to redirect pixels from a target application to its rendering pipeline, enabling the extraction of data. The issue is not fully resolved and may affect all Android devices. It is possible to determine if an arbitrary application is installed on the device, bypassing restrictions introduced in Android 11.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2025-11675
CVE-2025-48561

Affected Products

Android