What is the CVSS score of CVE-2025-48563?

CVE-2025-48563 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Android are affected by CVE-2025-48563?

CVE-2025-48563 presents notable security risk rated CVSS 7.8. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-48563?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Android CVE-2025-48563

HIGH

Insecure Default Variable Initialization (CWE-453)

2025-09-04 security@android.com

Privilege Escalation Google Android

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:10 vuln.today

CVE Published

Sep 04, 2025 - 19:15 nvd

HIGH 7.8

DescriptionNVD

In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AnalysisAI

In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-453. In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Affected products include: Google Android.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-48235 HIGH This Week

8.8 May 21

SQL injection in Open ISES Tickets before 3.44.2 allows attackers controlling or impersonating an InstaMapper or Google

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-48246 HIGH This Week

8.2 May 21

TLS certificate verification bypass in Open ISES Tickets before 3.44.2 allows network-positioned attackers to intercept

CVE-2026-48244 MEDIUM This Month

6.9 May 21

Hardcoded Google Maps API key exposure in Open ISES Tickets before v3.44.2 enables any party with read access to the pub

CVE-2026-48245 MEDIUM This Month

6.9 May 21

Open ISES Tickets exposes a hardcoded Google Maps API key committed directly to its public GitHub source repository in t

CVE-2025-48563 vulnerability details – vuln.today

Back

Android CVE-2025-48563

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code