CVE-2025-48629
HIGHDescription
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Is your site exposed to CVE-2025-48629?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| android | |
| android | |
| android | |
| android |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-48629? +
How severe is CVE-2025-48629? +
What products are affected by CVE-2025-48629? +
How do I check if I'm vulnerable to CVE-2025-48629? +
Related Vulnerabilities
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when …
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default …
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by …
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific …
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the …
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel …