CVE-2025-48588

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified)

Description A flaw exists in the Framework component of Android operating systems related to insufficient protection of service data. Exploitation may allow a remote attacker to escalate privileges. A logic error in the startAlwaysOnVpn function of Vpn.java could allow disabling of always-on VPN, potentially leading to local escalation of privilege without requiring additional execution privileges or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.