CVE-2025-48651_CVE-2025-48651

4 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Basic Information

ID CVE-2025-48651

Source google_android

Published Apr 6, 2026 at 18:20

Modified Apr 13, 2026 at 20:16

Affected Product

Vendor Google

Product Android

Version Android SoC

Affected Versions Google Android Android SoC

CWE Classification

References

source.android.com /docs/security/bulletin/2026/2026-04-01

{
    "lastseen": "",
    "description": "In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
    "published": "2026-04-06T18:20:31.044Z",
    "modified": "2026-04-13T20:16:29.740Z",
    "type": "cve",
    "title": "CVE-2025-48651",
    "source": "google_android",
    "references": "https://source.android.com/docs/security/bulletin/2026/2026-04-01",
    "id": "CVE-2025-48651",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Google Android Android SoC",
    "sourceHref": "",
    "cvss": {
        "score": 4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Android",
    "version": "Android SoC",
    "vendor": "Google",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}