CVE-2025-8192

Severity CVSS v4.0:

MEDIUM

Type:

Unavailable / Other

Publication date:

31/07/2025

Last modified:

31/07/2025

Description

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function.

Impact

Vector 4.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 6.90 MEDIUM
Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

Attack Vector (AV): Local
Attack Complexity (AC): High
Attack Requirements (AT): Present
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): Low
Integrity (VI): High
Availability (VA): None
Confidentiality (SC): Low
Integrity (SI): High
Availability (SA): None

Base Score 4.0

6.90

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60309