Primary

Context

Android Framework Audio File Permission Confusion Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the Android Framework that can lead to the unauthorized access of audio files across different user profiles. This issue arises from a 'confused deputy' scenario, where permissions are not properly enforced, potentially allowing a malicious application to access files it shouldn't. Exploitation of this vulnerability could result in local escalation of privileges, with no additional execution rights required. The flaw affects multiple versions of the Android Framework.

Impact

Exploitation of this vulnerability could lead to unauthorized access to audio files across user profiles, allowing for local escalation of privileges.

Remediation

Users can update their devices to the December 2025 security patch level to address this vulnerability.

Added: Dec 8, 2025, 6:03 PM

Updated: Dec 8, 2025, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

1.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

1.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Framework Audio File Permission Confusion Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating