PT-2025-20039 · Unknown · Enrichedcall
011100101001
·
Published
2025-05-07
·
Updated
2025-05-07
·
CVE-2025-20954
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EnrichedCall versions prior to SMR May-2025 Release 1
Description
The issue concerns the use of implicit intent for sensitive communication in EnrichedCall, allowing local attackers to access sensitive information. User interaction is required to trigger this issue.
Recommendations
For versions prior to SMR May-2025 Release 1, consider restricting access to sensitive information within the EnrichedCall feature until a patch is available.
As a temporary workaround, consider disabling the use of implicit intent for sensitive communication in EnrichedCall to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Enrichedcall