ASB-A-406763872

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-406763872.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-406763872

Aliases

A-406763872
CVE-2025-32324

Published

2025-09-01T00:00:00Z

Modified

2025-10-16T15:26:20.871763Z

Summary

[none]

Details

In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16-next:0

Fixed

16-next:2025-09-01

Affected versions

Other

16-next

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fca9c788b3364017b021544ec9594b43c93c9d29"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerShellCommand.java",
                "function": "onCommand"
            },
            "id": "ASB-A-406763872-f13022cd",
            "digest": {
                "length": 5931.0,
                "function_hash": "213738839934792570755609595056424607326"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fca9c788b3364017b021544ec9594b43c93c9d29"
        },
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerShellCommand.java"
            },
            "id": "ASB-A-406763872-f72751e5",
            "digest": {
                "line_hashes": [
                    "277472483570310443554649752508437610294",
                    "271991788737032558508827576779721730867",
                    "270586444918517067921252002381739661394",
                    "169062682699780730607004408801798937605",
                    "246151562963722622899681724648247786506",
                    "105103137422926747685189770179435141323",
                    "333076504460159676371228333002560705836",
                    "215664126275953478246350045277998730221",
                    "263835634168807192073843221255401220485",
                    "302995394820661178675232868348972694433",
                    "139787834065667595998987686951281735568",
                    "200838154636922522525854984276619399646",
                    "160487007457949671814478683653197599720",
                    "100725039237933242708454026680112322729",
                    "12711774417692576766033028299880672384",
                    "67841973961292751820946283339214161757",
                    "64377571066099488212851770765831211700",
                    "316951876827181092656507627433633630558"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fca9c788b3364017b021544ec9594b43c93c9d29"
        }
    ],
    "spl": "2025-09-01"
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15:0

Fixed

15:2025-09-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b04474764693d7ad05c64925a271c94574c6cb11"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerShellCommand.java",
                "function": "onCommand"
            },
            "id": "ASB-A-406763872-80e40b48",
            "digest": {
                "length": 5610.0,
                "function_hash": "307496182829459779372876339580988231691"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b04474764693d7ad05c64925a271c94574c6cb11"
        },
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerShellCommand.java"
            },
            "id": "ASB-A-406763872-df909262",
            "digest": {
                "line_hashes": [
                    "277472483570310443554649752508437610294",
                    "271991788737032558508827576779721730867",
                    "270586444918517067921252002381739661394",
                    "169062682699780730607004408801798937605",
                    "246151562963722622899681724648247786506",
                    "105103137422926747685189770179435141323",
                    "333076504460159676371228333002560705836",
                    "215664126275953478246350045277998730221",
                    "263835634168807192073843221255401220485",
                    "302995394820661178675232868348972694433",
                    "139787834065667595998987686951281735568",
                    "200838154636922522525854984276619399646",
                    "160487007457949671814478683653197599720",
                    "100725039237933242708454026680112322729",
                    "12711774417692576766033028299880672384",
                    "67841973961292751820946283339214161757",
                    "64377571066099488212851770765831211700",
                    "316951876827181092656507627433633630558"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b04474764693d7ad05c64925a271c94574c6cb11"
        }
    ],
    "spl": "2025-09-01"
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

16:0

Fixed

16:2025-09-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c96de2de142edb854d39f5197c2f0fe6618aa482"
    ],
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerShellCommand.java"
            },
            "id": "ASB-A-406763872-1184d545",
            "digest": {
                "line_hashes": [
                    "277472483570310443554649752508437610294",
                    "271991788737032558508827576779721730867",
                    "270586444918517067921252002381739661394",
                    "169062682699780730607004408801798937605",
                    "246151562963722622899681724648247786506",
                    "105103137422926747685189770179435141323",
                    "333076504460159676371228333002560705836",
                    "215664126275953478246350045277998730221",
                    "263835634168807192073843221255401220485",
                    "302995394820661178675232868348972694433",
                    "139787834065667595998987686951281735568",
                    "200838154636922522525854984276619399646",
                    "160487007457949671814478683653197599720",
                    "100725039237933242708454026680112322729",
                    "12711774417692576766033028299880672384",
                    "67841973961292751820946283339214161757",
                    "64377571066099488212851770765831211700",
                    "316951876827181092656507627433633630558"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c96de2de142edb854d39f5197c2f0fe6618aa482"
        },
        {
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerShellCommand.java",
                "function": "onCommand"
            },
            "id": "ASB-A-406763872-82e7d0f0",
            "digest": {
                "length": 5840.0,
                "function_hash": "130877303433342042913473096369566809268"
            },
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c96de2de142edb854d39f5197c2f0fe6618aa482"
        }
    ],
    "spl": "2025-09-01"
}