PT-2025-36080 · Google · Android
Published: 2025-09-01 · Updated: 2025-10-15 · CVE-2025-48561
CVSS v3.1: 5.5 (Medium)
Base vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Android versions 13 through 16
Description
A side-channel information disclosure issue exists in the Android operating system. It allows a malicious application to potentially access data displayed on the screen, including sensitive information such as two-factor authentication (2FA) codes, Google Maps timelines, and data from applications such as Google Authenticator, Gmail, Signal, Venmo, and others. The attack, named Pixnapping, combines Android APIs with a hardware side channel involving the GPU to reconstruct pixels and extract displayed data without requiring special permissions; it relies on the GPU's compression function and the window blurring API. Google partially addressed the issue under CVE-2025-48561, but a complete fix is considered infeasible. The attack can also determine whether a specific application is installed on the device, bypassing restrictions introduced in Android 11. Exploitation does not require user interaction.
Recommendations
Avoid installing applications from untrusted sources.
Use hardware-based 2FA methods, such as YubiKey.
Consider using hardware wallets for cryptocurrency.
Fix
Side Channel Attack
Weakness Enumeration
Related Identifiers
BDU:2025-11675
CVE-2025-48561
Affected Products
Android
References · 14
- https://android.googlesource.com/platform/frameworks/native/+/20465375a1d0cb71cdb891235a9f8a3fba31dbf6 · Patch
- https://bdu.fstec.ru/vul/2025-11675 · Security Note
- https://source.android.com/security/bulletin/2025-09-01 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-48561 · Security Note
- https://twitter.com/catnap707/status/1978255138671284555 · Twitter Post
- https://t.me/cveNotify/136581 · Telegram Post
- https://t.me/true_secator/7522 · Telegram Post
- https://t.me/opennews/14242 · Telegram Post
- https://twitter.com/androidmalware2/status/1977989328690163850 · Twitter Post
- https://twitter.com/The_Hunt_x/status/1978030088320102426 · Twitter Post
- https://twitter.com/grok/status/1978178845711925260 · Twitter Post
- https://twitter.com/CVEnew/status/1963677384776769741 · Twitter Post
- https://t.me/CVEtracker/31725 · Telegram Post
- https://twitter.com/MeridianEU/status/1978109336736928095 · Twitter Post