Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.4
Android Media App Allows Unauthorized File Access
CVE-2025-48579
ASB-A-417195606
Summary
A security issue in Android's Media app allows an attacker to access files on the device without permission. This could allow an attacker to gain access to sensitive information. To fix the issue, update your Android system to the latest version.
What to do
- Update google platform/packages/providers/mediaprovider to version 16-qpr2-next:2026-03-01.
- Update google platform/packages/providers/mediaprovider to version 15:2026-03-01.
- Update google platform/packages/providers/mediaprovider to version 16:2026-03-01.
- Update google platform/packages/providers/mediaprovider to version 14:2026-03-01.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 14.0 | – | |
| android | 15.0 | – | |
| android | 16.0 | – | |
| platform/packages/providers/mediaprovider | > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 | 16-qpr2-next:2026-03-01 | |
| platform/packages/providers/mediaprovider | > 15:0 , <= 15:2026-03-01 | 15:2026-03-01 | |
| platform/packages/providers/mediaprovider | > 16:0 , <= 16:2026-03-01 | 16:2026-03-01 | |
| platform/packages/providers/mediaprovider | > 14:0 , <= 14:2026-03-01 | 14:2026-03-01 |
Original title
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no addition...
Original description
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
8.4
Vulnerability type
CWE-441
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026