Description
In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Multiple Android components can start a background activity without performing a permission check. The flaw allows a user‑owned application to launch privileged background tasks that run with higher privileges than the originating app, potentially compromising device security. The vulnerability requires no special user interaction, enabling a local attacker to elevate privileges by simply initiating the background activity.

Affected Systems

The flaw affects devices running Google Android. No specific version range is listed, so all installations prior to the fix are potentially vulnerable.

Risk and Exploitability

The CVSS score is 7.8, indicating a high‑impact flaw. The EPSS score of less than 1% suggests exploitation is unlikely but possible. The vulnerability is not listed in the CISA KEV catalog. Because no user interaction is needed, a local attacker can exploit it at any time. The impact is limited to the device, with no outbound network traffic required.

Generated by OpenCVE AI on June 2, 2026 at 18:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security update as documented in the June 2026 security bulletin.
  • After updating, reboot the device to ensure all permission checks are enforced.
  • Periodically review device logs for unexpected background activity launches and investigate any anomalies through the Android monitoring tools.

Generated by OpenCVE AI on June 2, 2026 at 18:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Title Background Activity Launch Missing Permission Check Allows Local Privilege Escalation
Weaknesses CWE-285
CWE-668

Tue, 02 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Background Activity Launch Missing Permission Check Allows Local Privilege Escalation
Weaknesses CWE-285
CWE-668

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-02T13:35:08.382Z

Reserved: 2025-04-04T23:31:03.897Z

Link: CVE-2025-32348

cve-icon Vulnrichment

Updated: 2026-06-02T13:34:53.561Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-01T22:16:17.720

Modified: 2026-06-02T14:16:30.293

Link: CVE-2025-32348

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T16:45:13Z

Weaknesses

No weakness.