CVE-2025-32329
HIGHDescription
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Is your site exposed to CVE-2025-32329?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| android | |
| android | |
| android |
References
Frequently Asked Questions
What is CVE-2025-32329? +
How severe is CVE-2025-32329? +
What products are affected by CVE-2025-32329? +
How do I check if I'm vulnerable to CVE-2025-32329? +
Related Vulnerabilities
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead …
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code …
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of …
Google Nest WiFi Pro root code-execution & user-data compromise
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default …
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and …