CVE List - 2025 / September
Showing 601 - 700 of 4322 CVEs for September 2025 (Page 7 of 44)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-48530 | 2025-09-04 | In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other... |
| CVE-2025-48533 | 2025-09-04 | In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local... |
| CVE-2024-49714 | 2025-09-04 | In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional... |
| CVE-2025-0076 | 2025-09-04 | In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no... |
| CVE-2025-0089 | 2025-09-04 | In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2025-26454 | 2025-09-04 | In validateUriSchemeAndPermission of DisclaimersParserImpl.java, there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with... |
| CVE-2025-26464 | 2025-09-04 | In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2025-32321 | 2025-09-04 | In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no... |
| CVE-2025-32323 | 2025-09-04 | In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could... |
| CVE-2025-32324 | 2025-09-04 | In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2025-32325 | 2025-09-04 | In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-32326 | 2025-09-04 | In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no... |
| CVE-2025-32327 | 2025-09-04 | In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2025-32330 | 2025-09-04 | In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote (proximal/adjacent) information disclosure with... |
| CVE-2025-32331 | 2025-09-04 | In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2025-32332 | 2025-09-04 | In multiple locations, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-32333 | 2025-09-04 | In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2025-32345 | 2025-09-04 | In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code.... |
| CVE-2025-32346 | 2025-09-04 | In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-32347 | 2025-09-04 | In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional... |
| CVE-2025-32349 | 2025-09-04 | In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2025-32350 | 2025-09-04 | In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-48522 | 2025-09-04 | In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation... |
| CVE-2025-48523 | 2025-09-04 | In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2025-48524 | 2025-09-04 | In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2025-48526 | 2025-09-04 | In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local... |
| CVE-2025-48527 | 2025-09-04 | In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This could lead to local information disclosure with... |
| CVE-2025-48528 | 2025-09-04 | In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2025-48529 | 2025-09-04 | In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2025-48531 | 2025-09-04 | In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-48532 | 2025-09-04 | In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional... |
| CVE-2025-48534 | 2025-09-04 | In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with System execution... |
| CVE-2025-48535 | 2025-09-04 | In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. This could lead to local... |
| CVE-2025-48537 | 2025-09-04 | In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2025-48538 | 2025-09-04 | In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no... |
| CVE-2025-48539 | 2025-09-04 | In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution... |
| CVE-2025-48540 | 2025-09-04 | In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2025-48541 | 2025-09-04 | In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with... |
| CVE-2025-48542 | 2025-09-04 | In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges... |
| CVE-2025-48543 | 2025-09-04 | In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege... |
| CVE-2025-48544 | 2025-09-04 | In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional... |
| CVE-2025-48545 | 2025-09-04 | In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no... |
| CVE-2025-48546 | 2025-09-04 | In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2025-48547 | 2025-09-04 | In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-48548 | 2025-09-04 | In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of... |
| CVE-2025-48549 | 2025-09-04 | In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2025-48550 | 2025-09-04 | In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution... |
| CVE-2025-48551 | 2025-09-04 | In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with... |
| CVE-2025-48552 | 2025-09-04 | In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2025-48553 | 2025-09-04 | In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2025-48554 | 2025-09-04 | In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no... |
| CVE-2025-48556 | 2025-09-04 | In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-48558 | 2025-09-04 | In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to Implicit intent hijacking. This could lead to local escalation of... |
| CVE-2025-48559 | 2025-09-04 | In multiple functions of AppOpsService.java, there is a possible way to add a large amount of app ops due to improper input validation. This could lead to local denial of service with... |
| CVE-2025-48560 | 2025-09-04 | In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution... |
| CVE-2025-48561 | 2025-09-04 | In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no... |
| CVE-2025-48562 | 2025-09-04 | In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2025-48563 | 2025-09-04 | In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-48581 | 2025-09-04 | In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation... |
| CVE-2024-49731 | 2025-09-04 | In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This... |
| CVE-2025-22414 | 2025-09-04 | In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-22415 | 2025-09-04 | In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-40664 | 2025-09-04 | In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial... |
| CVE-2025-26419 | 2025-09-04 | In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-26431 | 2025-09-04 | In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of... |
| CVE-2025-26439 | 2025-09-04 | In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious Talkback service to be enabled instead of the system component due to a logic error in the... |
| CVE-2025-58353 | 2025-09-04 | Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns |
| CVE-2025-32322 | 2025-09-04 | In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead... |
| CVE-2025-58361 | 2025-09-04 | Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG |
| CVE-2025-55190 | 2025-09-04 | Argo CD: Project API Token Exposes Repository Credentials |
| CVE-2025-55209 | 2025-09-04 | FreePBX UCP is Vulnerable to Stored XSS Through its User Control Panel |
| CVE-2025-55305 | 2025-09-04 | Electron is vulnerable to Code Injection via resource modification |
| CVE-2025-55244 | 2025-09-04 | Azure Bot Service Elevation of Privilege Vulnerability |
| CVE-2025-55242 | 2025-09-04 | Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability |
| CVE-2025-54914 | 2025-09-04 | Azure Networking Elevation of Privilege Vulnerability |
| CVE-2025-55238 | 2025-09-04 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability |
| CVE-2025-55241 | 2025-09-04 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2025-55739 | 2025-09-04 | api: Shared OAuth Signing Key Between Different Instances |
| CVE-2025-58352 | 2025-09-04 | Weblate has long session expiry times during second factor verification |
| CVE-2025-58179 | 2025-09-04 | Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint |
| CVE-2025-58359 | 2025-09-04 | frost-core: refresh shares with smaller min_signers will reduce group security |
| CVE-2025-58362 | 2025-09-04 | Hono contains a flaw in URL path parsing, potentially leading to path confusion |
| CVE-2025-58780 | 2025-09-05 | index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability." |
| CVE-2025-9990 | 2025-09-05 | WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion |
| CVE-2025-7445 | 2025-09-05 | Kubernetes secrets-store-sync-controller discloses service account tokens in logs |
| CVE-2025-8684 | 2025-09-05 | Flatsome <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-58401 | 2025-09-05 | Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store GitHub API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked GitHub account. |
| CVE-2025-55037 | 2025-09-05 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command... |
| CVE-2025-55671 | 2025-09-05 | Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program. |
| CVE-2025-41408 | 2025-09-05 | Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access... |
| CVE-2025-58400 | 2025-09-05 | RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory... |
| CVE-2025-8944 | 2025-09-05 | OceanWP < 4.1.2 - Subscriber+ Limited Option Update |
| CVE-2025-48395 | 2025-09-05 | An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has... |
| CVE-2025-58276 | 2025-09-05 | Permission verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58280 | 2025-09-05 | Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58281 | 2025-09-05 | Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58296 | 2025-09-05 | Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-58313 | 2025-09-05 | Race condition vulnerability in the device standby module. Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module. |
| CVE-2024-21977 | 2025-09-05 | Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests. |
| CVE-2025-8695 | 2025-09-05 | Reflected XSS in Netcad Software's NetGIS Server |