Primary

Context

Android Telephony Framework Voicemail Ringtone URI Cross-User Data Leak Vulnerability

Vulnerability

A cross-user data leak vulnerability has been identified in the Android Telephony framework, specifically within the VoicemailNotificationSettingsUtil component. This issue arises from a confused deputy scenario, allowing local information disclosure without requiring additional execution privileges or user interaction. The vulnerability exists in Android versions 13, 14, 15, and 16.

Impact

Exploitation of this vulnerability could lead to unauthorized access to voicemail notification settings across different user profiles, potentially allowing a malicious app to intercept or manipulate voicemail notification sounds.

Remediation

Users can update their devices to the September 2025 security patch level to address this vulnerability. Instructions for checking and updating the Android version are available on the Google Support website.

Added: Sep 4, 2025, 7:32 PM

Updated: Sep 4, 2025, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Telephony Framework Voicemail Ringtone URI Cross-User Data Leak Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating