CVE-2025-48646

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description A confused deputy issue exists in the executeRequest() function of ActivityStarter.java, which may allow a launch anywhere. This can lead to local escalation of privilege without requiring additional execution privileges, although user interaction is necessary for exploitation. A confused deputy is a security flaw where a privileged entity is tricked by a less privileged entity into performing an action on its behalf.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.