CVE-2025-48582 - Vulnerability Analysis
HighCVSS: 8.4Last Updated: March 2, 2026
Unspecified Product - Privilege Escalation
Published: March 2, 2026Updated: March 2, 2026
Overview
An unspecified product contains a local privilege escalation caused by intent redirect allowing media deletion without MANAGE_EXTERNAL_STORAGE permission, letting local attackers escalate privileges without user interaction.
Severity & Score
Severity: High
CVSS Score: 8.4
Impact
Local attackers can delete media and escalate privileges without needing additional execution rights or user interaction.
Mitigation
Update to the latest version or apply vendor patches addressing intent redirect and permission checks.
Related Resources
Details
- CVE ID
- CVE-2025-48582
- Severity
- High
- CVSS Score
- 8.4
- Type
- broken_access_control
- Status
- unconfirmed
CWE
- CWE-59
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H