Primary

Context

Android Framework Intent Filter Bypass Vulnerability Allowing Local Privilege Escalation

Vulnerability

A race condition has been identified in the Android Framework that allows for an intent filter bypass. This vulnerability could lead to a local escalation of privilege, with no additional execution privileges required. Exploitation of this issue does not involve user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to elevated privileges, potentially allowing a user to perform actions or access resources that are normally restricted.

Reproduction

The vulnerability can be reproduced by creating an intent that declares its own type. If the intent type is changed after the initial declaration, it can bypass the intended filters, leading to unauthorized access or actions.

Remediation

Users can update to the December 2025 security patch level to address this vulnerability.

Added: Dec 8, 2025, 5:57 PM

Updated: Dec 8, 2025, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.9

remediation

0.0

relevance

1.4

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.9

remediation

0.0

relevance

1.4

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Framework Intent Filter Bypass Vulnerability Allowing Local Privilege Escalation

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating