CVE-2025-48578

Name of the Vulnerable Software and Affected Versions MediaProvider.java (affected versions not specified)

Description A flaw exists in multiple functions within MediaProvider.java that may allow bypassing the WRITE EXTERNAL STORAGE permission due to a missing permission check. Successful exploitation could lead to local escalation of privilege without requiring additional execution privileges. User interaction is required for exploitation. The affected component is MediaProvider.java.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.