DeviceId.java in Android Devices: Privilege Escalation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

10.0

DeviceId.java in Android Devices: Privilege Escalation Risk

CVE-2025-48611

Summary

A missing check in a Java code file could allow a user with local access to gain more privileges on an Android device without needing any special permissions. This could be exploited without the user needing to interact with the device in any way. Users should ensure their Android devices are updated with the latest security patches to prevent this issue.

Original title

In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges neede...

Original description

nvd CVSS3.1 10.0

https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026