CVE-2025-48633

CVSS v3.1

5.5

Medium

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified)

Description The issue resides in the hasAccountsOnAnyUser function within DevicePolicyManagerService.java. A logic error in the code allows for the addition of a Device Owner after provisioning. This can lead to local escalation of privilege without requiring additional execution privileges or user interaction. The vulnerability is related to insufficient protection of sensitive data within the Android Framework. This issue is actively exploited. Numerous articles have been published regarding this vulnerability, indicating significant attention from the security community.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ASB-A-417988098

BDU:2025-14993

BDU:2025-15136

CVE-2025-48633

Affected Products

Android Framework

CVE-2025-48633

Weakness Enumeration

Related Identifiers

Affected Products

References · 79