Android Framework Tapjacking Vulnerability Leading to Local Privilege Escalation

Vulnerability

A tapjacking vulnerability has been identified in the Android Framework, allowing an overlay attack that could trick users into unintentionally accepting permissions. This issue could lead to local privilege escalation without requiring additional execution privileges. The vulnerability is present in multiple Android versions.

Impact

Exploitation of this vulnerability could result in unauthorized permission grants, allowing for elevated privileges on the affected device.

Reproduction

The vulnerability can be reproduced by creating an overlay that covers a permission request. Once the overlay is in place, the user can be manipulated into accepting the permission, which can then be exploited to gain elevated privileges.

Remediation

Users can update their devices to the December 2025 security patch level to address this vulnerability.
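
One way to check devices against the remediation above (an added example, not part of the original advisory): the script compares the patch level Android reports in the ro.build.version.security_patch property with a required minimum. The REQUIRED_SPL value 2025-12-01, the function names and the sample inventory are assumptions constructed for illustration; the advisory itself states only "December 2025".

```shell
#!/bin/sh
# Added example: audit Android security patch levels against a required minimum.
# REQUIRED_SPL is an assumption: the advisory says "December 2025" without
# giving the exact string. Android reports patch levels as YYYY-MM-DD.
REQUIRED_SPL="${REQUIRED_SPL:-2025-12-01}"

# spl_status LEVEL: prints "patched", "vulnerable" or "unknown" (malformed value).
spl_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Fixed-width ISO dates sort lexicographically, so the first line is the older one.
    oldest=$(printf '%s\n%s\n' "$1" "$REQUIRED_SPL" | LC_ALL=C sort | head -n 1)
    if [ "$oldest" = "$REQUIRED_SPL" ]; then echo patched; else echo vulnerable; fi
}

# device_spl: patch level of the attached device (needs adb; not called below).
device_spl() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# audit_inventory: reads "device_id patch_level" lines on stdin and prints
# "device_id status" for each one.
audit_inventory() {
    while read -r dev spl; do
        [ -n "$dev" ] || continue
        echo "$dev $(spl_status "$spl")"
    done
}

# count_unpatched: number of devices on stdin that are not confirmed patched.
count_unpatched() {
    audit_inventory | grep -cv ' patched$' || true
}

# Constructed sample inventory (hypothetical device names and levels).
SAMPLE_INVENTORY='pixel-lab-01 2025-12-05
tablet-kiosk-07 2025-11-01
handset-qa-03 2025-12-01
legacy-scanner-02 unknown-build'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices reported as "unknown" are counted as unpatched, so a missing or malformed property value is not mistaken for a fixed device.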

Added: Dec 8, 2025, 5:44 PM
Updated: Dec 8, 2025, 7:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.4
remediation: 0.0
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.