Description
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-17
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves improper input validation during the provisioning process. This flaw allows an attacker who has local access to an Android device to elevate privileges without needing any additional execution privileges. Exploitation does not require user interaction, meaning the attacker can perform the attack directly after gaining physical or local access.

Affected Systems

Google Android. No specific affected versions are listed, indicating that any Android device containing the vulnerable provisioning components could be at risk, including recent releases available at the time of the advisory.

Risk and Exploitability

The EPSS score is less than 1%, implying a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because user interaction is not required and the flaw resides in local provisioning, an attacker with physical or local access can potentially exploit the flaw. No CVSS score is provided in the data, so the exact severity cannot be quantified beyond the stated local privilege escalation impact.

Generated by OpenCVE AI on June 17, 2026 at 18:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Android OS to the latest version that includes the security fix for the provisioning bypass, as described in the official Android security bulletin.
  • Apply any vendor-issued security patches or hotfixes that specifically address the improper input validation in the provisioning process.
  • If a temporary workaround is available, restrict provisioning operations by disabling or limiting provisioning paths that allow untrusted input, ensuring strict validation before accepting provisioning requests.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Google; Google android |
| Vendors & Products | | Google; Google android |

Wed, 17 Jun 2026 06:00:00 +0000

| Type | Values Removed | Values Added |
| Description | | In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-17T13:51:56.727Z

Reserved: 2025-05-22T18:12:46.994Z

Link: CVE-2025-48643

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T07:30:04Z

Weaknesses

No weakness.