CVE-2025-48609 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: March 3, 2026
MmsProvider - Path Traversal
Published: March 2, 2026 | Updated: March 3, 2026 | Remote Exploitable
Overview
MmsProvider.java contains a path traversal vulnerability caused by improper file path validation. It lets attackers delete arbitrary files affecting telephony, SMS, and MMS functionality. Exploitation requires no special privileges or user interaction.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can delete critical files locally, causing denial of service in telephony, SMS, and MMS services.
Mitigation
Update to the latest version with the path traversal fix.
Details
- CVE ID: CVE-2025-48609
- Severity: Critical
- CVSS Score: 9.1
- Type: path_traversal
- Status: confirmed
CWE
- CWE-400
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H