Home / Vulnerability Intelligence / CVE-2025-48582

CVE-2025-48582 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 3, 2026

Unspecified Product - Privilege Escalation

Published: March 2, 2026Updated: March 3, 2026

Overview

An unspecified product contains a local privilege escalation caused by intent redirect allowing media deletion without MANAGE_EXTERNAL_STORAGE permission, letting local attackers escalate privileges without user interaction.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 0.3%(Probability of exploitation in next 30 days)

Impact

Local attackers can delete media and escalate privileges without needing additional execution rights or user interaction.

Mitigation

Update to the latest version or apply vendor patches addressing intent redirect and permission checks.

References

https://source.android.com/security/bulletin/2026-03-01

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 3, 2026

🟠 CVE-2025-48582 - High (8.4) In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interact... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48582/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-48582
Severity: High
CVSS Score: 8.4
Type: broken_access_control
Status: confirmed
EPSS: 0.3%
Social Posts: 1

CWE

CWE-59

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.3%Probability of exploitation in the next 30 days