Description
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 8.4 High
EPSS: 1.7% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow exists in multiple locations within the Android operating system, which can be triggered without user interaction. This flaw, classified as CWE‑190, enables code execution that raises a local attacker’s privileges, compromising the operating system’s integrity on the affected device.

Affected Systems

The vulnerability impacts Google Android devices running Android 14.0, Android 15.0, Android 16.0, as well as the Android 16.0 QPR2 beta releases (beta 1, beta 2, beta 3). All devices that incorporate the affected Android code base are susceptible until an official patch is applied.

Risk and Exploitability

The CVSS score of 8.4 classifies the flaw as high severity, and the EPSS score of 2% indicates a low but nonzero probability of exploitation. The vulnerability is listed in the CISA KEV catalog, confirming that known exploits exist. Because the flaw can be abused locally without user interaction, a local attacker might trigger the overflow to elevate privileges.

Generated by OpenCVE AI on June 24, 2026 at 13:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch or OTA update that addresses the integer overflow.
  • If the patch has not yet reached the device, enforce SELinux enforcement and audit policies to limit privilege escalation paths.
  • Restrict installation of untrusted third‑party applications and monitor the device for anomalous behavior.
  • Keep the device’s firmware up to date by regularly checking the manufacturer’s security updates.

Generated by OpenCVE AI on June 24, 2026 at 13:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow Enabling Local Privilege Escalation on Android

Wed, 24 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow Enabling Local Privilege Escalation on Android

Wed, 24 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow Enabling Local Privilege Escalation in Android

Wed, 24 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow Enabling Local Privilege Escalation in Android

Tue, 23 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Android Integer Overflow Leading to Local Privilege Escalation

Tue, 23 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Android Integer Overflow Leading to Local Privilege Escalation

Tue, 23 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow Causing Local Privilege Escalation in Android

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow Causing Local Privilege Escalation in Android
CPEs cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Tue, 02 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 02 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-06-02T00:00:00+00:00', 'dueDate': '2026-06-05T00:00:00+00:00'}


Tue, 02 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android Leading to Local Privilege Escalation

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android Leading to Local Privilege Escalation
Weaknesses CWE-190

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-03T03:55:19.122Z

Reserved: 2025-05-22T18:12:07.428Z

Link: CVE-2025-48595

cve-icon Vulnrichment

Updated: 2026-06-01T22:08:54.947Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T22:16:18.093

Modified: 2026-06-02T20:19:29.653

Link: CVE-2025-48595

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:15:15Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound