Android Settings SpaActivity Cross-User Permission Bypass Vulnerability Allowing Privilege Escalation

Vulnerability

A logic error in the Android Settings application, specifically in the SpaActivity component, has introduced a cross-user permission bypass vulnerability. This issue allows for local escalation of privileges without requiring additional execution rights or user interaction. The vulnerability is present in the Android Open Source Project (AOSP) versions 14 and 15.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights or access beyond their current permissions.

Remediation

Users can update to the latest version of Android that includes the September 2025 security patch to address this vulnerability.

Added: Sep 4, 2025, 7:41 PM
Updated: Sep 4, 2025, 7:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.0
remediation: 0.0
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.