1. Home
  2. CVE Database
  3. CVE-2025-22425
MEDIUM · 5.1

CVE-2025-22425

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges need...

Vulnerability Description

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
GoogleAndroid13.0

Related Weaknesses (CWE)

CWE-276

References

FAQ

What is CVE-2025-22425?

CVE-2025-22425 is a vulnerability with a CVSS score of 5.1 (MEDIUM). In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges need...

How severe is CVE-2025-22425?

CVE-2025-22425 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-22425?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android.