PT-2026-5349 · Google · Android+1

Published

2026-01-29

Updated

2026-03-02

CVE-2025-48635

CVSS v3.1

7.7

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description A logic error in multiple functions of TaskFragmentOrganizerController.java may cause an activity token leak. This issue allows for local escalation of privilege without requiring additional execution privileges or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Protection Mechanism Failure

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-693CWE-532

Related Identifiers

ASB-A-446678690

CVE-2025-48635

Affected Products

Android

Platform/Frameworks/Base

PT-2026-5349 · Google · Android+1

CVE-2025-48635

Weakness Enumeration

Related Identifiers

Affected Products

References · 6