Home / Vulnerability Intelligence / CVE-2025-48609

CVE-2025-48609 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 3, 2026

MmsProvider - Path Traversal

Published: March 2, 2026Updated: March 3, 2026Remote Exploitable

Overview

MmsProvider.java contains a path traversal vulnerability caused by improper file path validation, letting attackers delete arbitrary files affecting telephony, SMS, and MMS functionalities, exploit requires no special privileges or user interaction.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 3.9%(Probability of exploitation in next 30 days)

Impact

Attackers can delete critical files locally, causing denial of service in telephony, SMS, and MMS services.

Mitigation

Update to the latest version with the path traversal fix.

References

https://source.android.com/security/bulletin/2026-03-01

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 3, 2026

🔴 CVE-2025-48609 - Critical (9.1) In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execut... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48609/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-48609
Severity: Critical
CVSS Score: 9.1
Type: path_traversal
Status: confirmed
EPSS: 3.9%
Social Posts: 1

CWE

CWE-400

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score

3.9%Probability of exploitation in the next 30 days