Android Framework PackageParser Intent Handling Privilege Escalation Vulnerability
Vulnerability
A vulnerability has been identified in the Android Framework's PackageParser component, specifically in the createIntentsList function. This issue arises from unsafe deserialization, which creates a potential bypass of lazy bundle hardening. As a result, modified data could be passed to the next process, leading to unauthorized privilege escalation. Notably, this vulnerability does not require any additional execution privileges and can be exploited without user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized local privilege escalation, allowing a user to gain elevated rights or access within the system.
Remediation
Users can update their devices to the June 2025 security patch level to address this vulnerability.
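To confirm the remediation across a set of devices, the following added example (not part of the original advisory) classifies each device by its reported security patch level. It reads the standard Android property ro.build.version.security_patch over adb. The 2025-06-01 threshold, the function names and the sample inventory are assumptions made for illustration, since the advisory states only "June 2025"; raise the threshold if your vendor bulletin places the fix at a later level.

```shell
#!/bin/sh
# Added example: flag devices below the June 2025 security patch level.
# Assumption: 2025-06-01 is the minimum acceptable patch-level string.
REQUIRED_SPL="2025-06-01"

# Classify one patch-level string: patched, vulnerable, or unknown (malformed/empty).
spl_status() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # YYYY-MM-DD with dashes removed compares correctly as an integer.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_SPL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# Read "serial patch_level" lines on stdin, print a verdict per device,
# and return non-zero if any device is not confirmed patched.
audit_inventory() {
    rc=0
    while read -r serial spl; do
        [ -n "$serial" ] || continue
        status=$(spl_status "$spl")
        printf '%s %s %s\n' "$serial" "${spl:-none}" "$status"
        [ "$status" = patched ] || rc=1
    done
    return "$rc"
}

# Produce inventory lines from devices attached over adb.
# </dev/null stops "adb shell" from swallowing the loop's stdin.
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$spl"
    done
}

# Constructed sample inventory (serials and values are made up for illustration).
sample_inventory() {
    cat <<'EOF'
DEVICE-A 2025-06-05
DEVICE-B 2025-05-01
DEVICE-C
DEVICE-D 2025-06-01
EOF
}

# Usage: collect_from_adb | audit_inventory    (or: sample_inventory | audit_inventory)
```

A device that reports no patch level, or a malformed one, is listed as unknown and counts as a failure, so the non-zero exit status can gate a compliance job.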
