CVE-2025-48536

Name of the Vulnerable Software and Affected Versions SettingsSliceProvider.java (affected versions not specified)

Description A flaw exists in the grantAllowlistedPackagePermissions function within the SettingsSliceProvider.java component. This issue allows a third-party application to potentially modify secure settings due to a confused deputy condition. Successful exploitation could lead to local escalation of privilege without requiring additional execution privileges or user interaction. The vulnerable function is grantAllowlistedPackagePermissions().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.