ASB-A-419110583
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-419110583.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-419110583
- Aliases
-
- A-419110583
- CVE-2025-48560
- Published
- 2025-09-01T00:00:00Z
- Modified
- 2026-03-14T08:46:08.006214Z
- Summary
- [none]
- Details
-
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b3f09c0c6db6d1042e322a11566e62e50d57a48d"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/b3f09c0c6db6d1042e322a11566e62e50d57a48d",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-5cc8f157",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301826544658027282195736539410991680589",
"241489240719636648940533808393038507194",
"121914338973340193575623409954610145842",
"230045197167296366817343138388321575189",
"42407978915708908547764008180749561167",
"214097700148472782822892070422974568010",
"64434321684074765903821395758075092937",
"120911613887220890602132241618086398748",
"21097630956711099862544642221167240859",
"126948329630034975549910188004366985628",
"109832590222423783270828607001203340830",
"34361837204415087127668824749778835599",
"173049177206975142893235649085082344677",
"254922200697860877527276874271446894228",
"151581207390521523902056436214696785066",
"235867615228205662944787841295196238307",
"243505508205445333079570145871608780231",
"325924406532301069729694441847805175802",
"161453343043066774008697681446371561562",
"96932138956443754705353571963513555456",
"235231244350441363069281554692485097466"
]
},
"signature_type": "Line",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/b3f09c0c6db6d1042e322a11566e62e50d57a48d",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-bfd054c0",
"digest": {
"length": 734.0,
"function_hash": "247910776409007770536923409759502639450"
},
"signature_type": "Function",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java",
"function": "setServiceInfo"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/b3f09c0c6db6d1042e322a11566e62e50d57a48d",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-d2732663",
"digest": {
"length": 2533.0,
"function_hash": "181688022410952913425704539083324405302"
},
"signature_type": "Function",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java",
"function": "setDynamicallyConfigurableProperties"
}
}
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/01bfef47f3b1a14c0bafc2ede609582fc3ba39e7"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/01bfef47f3b1a14c0bafc2ede609582fc3ba39e7",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-0e283351",
"digest": {
"length": 2533.0,
"function_hash": "181688022410952913425704539083324405302"
},
"signature_type": "Function",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java",
"function": "setDynamicallyConfigurableProperties"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/01bfef47f3b1a14c0bafc2ede609582fc3ba39e7",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-477d1511",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301826544658027282195736539410991680589",
"241489240719636648940533808393038507194",
"121914338973340193575623409954610145842",
"230045197167296366817343138388321575189",
"42407978915708908547764008180749561167",
"214097700148472782822892070422974568010",
"64434321684074765903821395758075092937",
"120911613887220890602132241618086398748",
"21097630956711099862544642221167240859",
"126948329630034975549910188004366985628",
"109832590222423783270828607001203340830",
"34361837204415087127668824749778835599",
"173049177206975142893235649085082344677",
"254922200697860877527276874271446894228",
"151581207390521523902056436214696785066",
"235867615228205662944787841295196238307",
"243505508205445333079570145871608780231",
"325924406532301069729694441847805175802",
"161453343043066774008697681446371561562",
"96932138956443754705353571963513555456",
"235231244350441363069281554692485097466"
]
},
"signature_type": "Line",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/01bfef47f3b1a14c0bafc2ede609582fc3ba39e7",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-96d9dbef",
"digest": {
"length": 734.0,
"function_hash": "247910776409007770536923409759502639450"
},
"signature_type": "Function",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java",
"function": "setServiceInfo"
}
}
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"ID"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a42c894ef7c62159cfc97b38409ffaa43d7f4eaf"
],
"spl": "2025-09-01",
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/a42c894ef7c62159cfc97b38409ffaa43d7f4eaf",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-03ab8a90",
"digest": {
"threshold": 0.9,
"line_hashes": [
"301826544658027282195736539410991680589",
"241489240719636648940533808393038507194",
"121914338973340193575623409954610145842",
"230045197167296366817343138388321575189",
"42407978915708908547764008180749561167",
"214097700148472782822892070422974568010",
"64434321684074765903821395758075092937",
"120911613887220890602132241618086398748",
"21097630956711099862544642221167240859",
"126948329630034975549910188004366985628",
"109832590222423783270828607001203340830",
"34361837204415087127668824749778835599",
"173049177206975142893235649085082344677",
"254922200697860877527276874271446894228",
"151581207390521523902056436214696785066",
"235867615228205662944787841295196238307",
"243505508205445333079570145871608780231",
"325924406532301069729694441847805175802",
"161453343043066774008697681446371561562",
"96932138956443754705353571963513555456",
"235231244350441363069281554692485097466"
]
},
"signature_type": "Line",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/a42c894ef7c62159cfc97b38409ffaa43d7f4eaf",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-2ae20980",
"digest": {
"length": 2533.0,
"function_hash": "181688022410952913425704539083324405302"
},
"signature_type": "Function",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java",
"function": "setDynamicallyConfigurableProperties"
}
},
{
"source": "https://android.googlesource.com/platform/frameworks/base/+/a42c894ef7c62159cfc97b38409ffaa43d7f4eaf",
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-419110583-630f6d50",
"digest": {
"length": 734.0,
"function_hash": "247910776409007770536923409759502639450"
},
"signature_type": "Function",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AbstractAccessibilityServiceConnection.java",
"function": "setServiceInfo"
}
}
],
"severity": "High"
}