CVE-2025-48554

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

Weakness

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Software

Name	Vendor	Start Version	End Version
Android	Google	13.0 (including)	13.0 (including)
Android	Google	14.0 (including)	14.0 (including)
Android	Google	15.0 (including)	15.0 (including)
Android	Google	16.0 (including)	16.0 (including)

https://cwe.mitre.org/data/definitions/1.html
https://cwe.mitre.org/data/definitions/107.html
https://cwe.mitre.org/data/definitions/127.html
https://cwe.mitre.org/data/definitions/17.html
https://cwe.mitre.org/data/definitions/20.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/237.html
https://cwe.mitre.org/data/definitions/36.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/480.html
https://cwe.mitre.org/data/definitions/51.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/59.html
https://cwe.mitre.org/data/definitions/65.html
https://cwe.mitre.org/data/definitions/668.html
https://cwe.mitre.org/data/definitions/74.html
https://cwe.mitre.org/data/definitions/87.html

References

https://android.googlesource.com/platform/frameworks/base/+/660c7075dc00d23a47f8b2018d62c66b8e27c450
https://source.android.com/security/bulletin/2025-09-01

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-48554
CWE	https://cwe.mitre.org/data/definitions/693.html

Protection Mechanism Failure

Weakness

Affected Software

Related Attack Patterns

References