CVE-2025-0087: Elevation of privilege in Google Android
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AI Analysis
Technical Summary
CVE-2025-0087 is a local elevation of privilege vulnerability affecting Google Android versions 13, 14, and 15. The flaw exists in the onCreate method of the UninstallerActivity.java component, where a missing permission check allows an attacker to uninstall applications belonging to other users on the same device. This vulnerability arises because the UninstallerActivity does not properly verify that the uninstall request is authorized for the targeted app, enabling a malicious local user or process to remove apps they should not have control over. Exploitation does not require any additional execution privileges beyond local access, nor does it require user interaction, making it a stealthy and potentially impactful vulnerability. Although no known exploits are currently reported in the wild, the vulnerability's nature suggests that an attacker with local access could leverage it to disrupt other users' environments or remove security-critical applications, potentially weakening device security or causing denial of service. The absence of a CVSS score means the severity must be assessed based on the impact on confidentiality, integrity, and availability, as well as ease of exploitation and scope of affected systems.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially in environments where Android devices are shared among multiple users or used in enterprise contexts with multi-user profiles. The ability to uninstall other users' apps without permission could lead to disruption of business-critical applications, loss of security controls, or removal of monitoring tools, thereby degrading device integrity and availability. Confidentiality impact is limited since the vulnerability does not directly expose data, but the integrity and availability of applications and services on affected devices are at risk. In sectors such as healthcare, finance, and government, where Android devices may be used for sensitive operations, this could lead to operational disruptions or compliance violations. Because no user interaction is required and no privileges beyond local access are needed, insider threats or malware with local execution capabilities could exploit this vulnerability with relative ease.
Mitigation Recommendations
To mitigate CVE-2025-0087, organizations should prioritize updating affected Android devices to patched versions once Google releases security updates addressing this issue. Until patches are available, organizations should enforce strict device access controls to limit local user privileges and prevent unauthorized users from gaining local access. Employ mobile device management (MDM) solutions to monitor and restrict app installations and uninstallations, and consider disabling multi-user profiles if not required. Additionally, audit device logs regularly to detect unusual uninstall activities. For high-security environments, consider deploying endpoint protection solutions that can detect and block unauthorized app removal attempts. Finally, educate users about the risks of local device access and enforce policies that restrict physical and logical access to corporate Android devices.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: google_android
- Date Reserved: 2024-12-13T16:56:09.215Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68b9d3bd88499799243bc13f
Added to database: 9/4/2025, 6:00:29 PM
Last enriched: 9/4/2025, 6:00:58 PM
Last updated: 9/5/2025, 8:04:46 PM