Primary

Context

Android Settings SpaAppBridgeActivity Cross-User File Reveal Vulnerability Allowing Privilege Escalation

Vulnerability

A logic error in the SpaAppBridgeActivity component of the Android Settings app could lead to a cross-user file reveal. This vulnerability allows for local escalation of privilege without requiring additional execution privileges or user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to files across different user profiles, potentially leading to unauthorized privilege escalation.

Remediation

Users can update their devices to the May 2025 security patch level to address this vulnerability.

Added: Sep 4, 2025, 6:58 PM

Updated: Sep 4, 2025, 6:58 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Settings SpaAppBridgeActivity Cross-User File Reveal Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating