ASB-A-374257207

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-374257207.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-374257207

Aliases

A-374257207
CVE-2025-22430

Published

2025-04-01T00:00:00Z

Modified

2026-04-17T15:55:28.020024Z

Summary

[none]

Details

In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15-next:0

Fixed

15-next:2025-04-01

Affected versions

Other

15-next

Ecosystem specific

{
    "spl": "2025-04-01",
    "types": [
        "ID"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/389e4cf737571bf0c438239400295fd229acc3e8"
    ],
    "vanir_signatures": [
        {
            "digest": {
                "line_hashes": [
                    "321446519818953500431330879684186164787",
                    "291294078306013525331275988611652788630",
                    "56476649094333308610883360736278233945",
                    "66929179648585267753078961545746891048",
                    "216698286285820199523426823288555281039",
                    "8346555484311413808854397499154355042",
                    "20895675777627396203762780193256024499",
                    "110160390254737233290409234959017968074",
                    "23736838960835562248806256791153436787"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "services/core/java/com/android/server/trust/TrustManagerService.java"
            },
            "id": "ASB-A-374257207-28674fa3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/389e4cf737571bf0c438239400295fd229acc3e8",
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "38751169905517304207638231429544339956",
                "length": 235.0
            },
            "target": {
                "file": "services/core/java/com/android/server/trust/TrustManagerService.java",
                "function": "isInSignificantPlace"
            },
            "id": "ASB-A-374257207-3859db03",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/389e4cf737571bf0c438239400295fd229acc3e8",
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "digest": {
                "line_hashes": [
                    "156000479443855258528774032689142242144",
                    "154449135365432431231001049420813553775",
                    "155717844685745612035015824657523600415"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "core/java/android/app/trust/TrustManager.java"
            },
            "id": "ASB-A-374257207-8d6e9531",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/389e4cf737571bf0c438239400295fd229acc3e8",
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false
        }
    ],
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-374257207.json"