Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.4
Android Browser Can Access Unauthorized Files
CVE-2025-48636
Summary
A security issue in Android's BugreportContentProvider allows an attacker to read and write files they shouldn't be able to access. This could let an attacker gain more access to the device than they should have. To protect against this, make sure to keep your Android operating system up to date with the latest security patches.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 16.0 | – |
Original title
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no ad...
Original description
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
8.4
Vulnerability type
CWE-22
Path Traversal
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026