CVE-2025-32324

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

04/09/2025

Last modified:

04/09/2025

Description

In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Impact

References to Advisories, Solutions, and Tools

https://android.googlesource.com/platform/frameworks/base/+/0fb2788dac393086b7e53fbe05414368ae395d9b
https://source.android.com/security/bulletin/2025-09-01