CVE-2025-48642 PUBLISHED

Assigner: google_android
Reserved: 22.05.2025 Published: 02.03.2026 Updated: 06.03.2026

In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Product Status

Vendor	Google
Product	Android
Versions	Default: unaffected Version 16-qpr2 is affected Version 16 is affected Version 15 is affected Version 14 is affected

References

https://source.android.com/docs/security/bulletin/2026/2026-03-01

Problem Types

Information disclosure