Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Android Lockscreen Bypass in KeyguardViewMediator Java File
CVE-2025-48577
ASB-A-413380719
Summary
A flaw in the Android lockscreen code could allow a malicious user to bypass the lockscreen without needing a password or other credentials. This could potentially give an attacker access to sensitive information on a device. Users should update their Android system to the latest version to fix this issue.
What to do
- Update google platform/frameworks/base to version 16-qpr2-next:2026-03-01.
- Update google platform/frameworks/base to version 15:2026-03-01.
- Update google platform/frameworks/base to version 16:2026-03-01.
- Update google platform/frameworks/base to version 14:2026-03-01.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 14.0 | – | |
| android | 15.0 | – | |
| android | 16.0 | – | |
| platform/frameworks/base | > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 | 16-qpr2-next:2026-03-01 | |
| platform/frameworks/base | > 15:0 , <= 15:2026-03-01 | 15:2026-03-01 | |
| platform/frameworks/base | > 16:0 , <= 16:2026-03-01 | 16:2026-03-01 | |
| platform/frameworks/base | > 14:0 , <= 14:2026-03-01 | 14:2026-03-01 |
Original title
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution priv...
Original description
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
7.4
Vulnerability type
CWE-362
Race Condition
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026