PT-2025-36061 · Unknown · Package Manager Service

Published

2025-09-01

Updated

2025-09-04

CVE-2025-48538

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions PackageManagerService (affected versions not specified)

Description An issue exists in the setApplicationHiddenSettingAsUser function within PackageManagerService.java due to improper input validation. This could allow an attacker to hide a system-critical package, potentially leading to a local denial of service. User interaction is not required for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ASB-A-328182084

BDU:2025-11684

CVE-2025-48538

Affected Products

Package Manager Service

PT-2025-36061 · Unknown · Package Manager Service

CVE-2025-48538

Weakness Enumeration

Related Identifiers

Affected Products

References · 10