CVE-2025-48652

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Android devices with MDM (affected versions not specified)

Description A logic error in the performPreInstallChecks function within InstallRepository.kt allows for a bypass of the Mobile Device Management (MDM) policy. This flaw enables local escalation of privilege without requiring additional execution privileges or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

CVE-2025-48652

Affected Products

Android

CVE-2025-48652

Weakness Enumeration

Related Identifiers

Affected Products

References · 4