In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Conclusion & alert: CVE-2025-48572 is rated Active Exploitation (72.7/100): CVSS High severity, with low exploitation likelihood (EPSS 0.24%). Core evidence: CISA KEV confirms active exploitation (added 2025-12-02) affecting Android / Framework. a weakness (CWE-306) Unauthenticated remote administrative access may be possible. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Android Framework Privilege Escalation Vulnerability · CISA KEV detail
: 2025-12-02
: 2025-12-23
: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-03-05 | 0.29% | 0.24% | -0.05% |
| 2 | 2026-02-14 | 0.25% | 0.29% | +0.04% |
| 3 | 2026-01-18 | — | 0.25% | — |
Full EPSS history (8 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| URL | Tags |
|---|---|
| https://android.googlesource.com/platform/frameworks/base/+/e707f6600330691f9c67dc023c09f4cd2fc59192 | Product |
| https://source.android.com/security/bulletin/2025-12-01 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48572 | Third Party Advisory US Government Resource |