CVE-2025-48608 - Google SettingsProvider Cross-User Media Read Vulnerability
CVE ID : CVE-2025-48608
Published : Dec. 8, 2025, 6:15 p.m. | 1 hour, 59 minutes ago
Description : In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Dec. 8, 2025, 6:15 p.m. | 1 hour, 59 minutes ago
Description : In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...