How severe is CVE-2025-48598?

CVE-2025-48598 has a CVSS v3 score of 6.6 (MEDIUM).

CVE-2025-48598

Name: android
Author: google

6.6MEDIUM

In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional executi

Publicado: 12/8/2025Atualizado: 12/8/2025

Descrição

In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Análise IADesenvolvido por IA

Produtos Afetados

googleandroid

16.0

Referências

https://android.googlesource.com/platform/packages/apps/Settings/+/83447688f8e3e8f009f1e7d275a14ea00ee7953a
PatchProduct
https://source.android.com/security/bulletin/2025-12-01
Vendor Advisory