Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.7
TaskFragmentOrganizerController Java Code Has Privilege Escalation Risk
CVE-2025-48635
Summary
A coding error in TaskFragmentOrganizerController can allow an attacker to gain unauthorized access to sensitive information. This issue can be exploited without user interaction. To fix the issue, update the code to prevent activity token leaks.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 14.0 | – | |
| android | 15.0 | – |
Original title
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no add...
Original description
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
7.7
Vulnerability type
CWE-200
Information Exposure
CWE-532
Insertion of Sensitive Information into Log File
CWE-693
Protection Mechanism Failure
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026