7.8
Android CompanionDeviceManagerService Privilege Escalation
CVE-2025-48654
ASB-A-442392902
Summary
A logic error in `onStart` of `CompanionDeviceManagerService.java` creates a possible confused deputy: a malicious app could use the service to gain higher-than-expected access to device features. This is a local escalation of privilege that needs no additional execution privileges and no user interaction. To protect your device, keep the Android operating system and apps up to date with the latest security patches.
What to do
- Update google platform/frameworks/base to version 16-qpr2-next:2026-03-01.
- Update google platform/frameworks/base to version 16:2026-03-01.
- Update google platform/frameworks/base to version 16-qpr2:2026-03-01.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| | android | 16.0 | – |
| google | platform/frameworks/base | > 16-qpr2-next:0, <= 16-qpr2-next:2026-03-01 | 16-qpr2-next:2026-03-01 |
| google | platform/frameworks/base | > 16:0, <= 16:2026-03-01 | 16:2026-03-01 |
| google | platform/frameworks/base | > 16-qpr2:0, <= 16-qpr2:2026-03-01 | 16-qpr2:2026-03-01 |
Original title
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution...
Original description
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
NVD CVSS 3.1
7.8
Vulnerability type
CWE-610
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026