Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.2
WordPress ProfilingService Vulnerability: Malicious Input Can Crash Server
CVE-2025-48587
ASB-A-425360073
Summary
A bug in the ProfilingService of WordPress can allow an attacker to crash the server without needing to log in or execute any code. This can happen if the attacker sends malicious input to the server. To prevent this, update the ProfilingService to properly validate user input.
What to do
- Update google platform/packages/modules/profiling to version 16-qpr2-next:2026-03-01.
- Update google platform/packages/modules/profiling to version 16:2026-03-01.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 16.0 | – | |
| platform/packages/modules/profiling | > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 | 16-qpr2-next:2026-03-01 | |
| platform/packages/modules/profiling | > 16:0 , <= 16:2026-03-01 | 16:2026-03-01 |
Original title
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional exec...
Original description
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
6.2
Vulnerability type
CWE-20
Improper Input Validation
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026