CVE-2025-48543
CVE-2025-48543
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8EPSS 0.5%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
04 Sep 2025Active exploitation (CISA KEV)
04 Sep 2025Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Chrome allows an attacker to escape the browser's sandbox and gain unauthorized access to Android's system processes. This means someone can run malicious code with high system privileges without needing the user to do anything special.
Technical detail
Use-after-free vulnerability in Chrome's sandbox implementation enables local privilege escalation targeting Android system_server. The attack requires no additional execution privileges or user interaction, allowing an unprivileged process to break sandbox confinement and execute code with elevated system capabilities.
Summary generated and translated by AI from the official description.
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Google · Android