VBMeta: Local Privilege Escalation via Test Key Modification
CVE-2025-48613
Summary
A vulnerability in VBMeta allows an attacker to modify a VBMeta image and re-sign it with a test key, provided the original image was previously signed with that same key. This could lead to local privilege escalation: the attacker gains higher system access without needing additional execution privileges, and no user interaction is required. To protect yourself, ensure you're only using trusted keys and regularly update VBMeta to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | | All versions | – |
Original title
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privileg...
Original description
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
NVD CVSS 3.1
7.8
Vulnerability type
CWE-269
Improper Privilege Management
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026