CVE-2025-32321

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

04/09/2025

Last modified:

04/09/2025

Description

In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Impact

References to Advisories, Solutions, and Tools

https://android.googlesource.com/platform/packages/apps/Settings/+/bb6e84fd04fcc3594750645982f8c667b0cd8c5e
https://source.android.com/security/bulletin/2025-09-01