CVE-2025-48576

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified)

Description A flaw exists in the Framework component of Android operating systems due to insufficient input validation. Exploitation may allow an attacker to cause a denial of service. Specifically, the updateNotificationChannelGroupFromPrivilegedListener function within NotificationManagerService.java is susceptible to permanent denial of service due to resource exhaustion. This does not require additional execution privileges or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-20

Related Identifiers

ASB-A-426205822

BDU:2025-15139

CVE-2025-48576

Affected Products

Android

CVE-2025-48576

Weakness Enumeration

Related Identifiers

Affected Products

References · 11