
CVE-2025-22428: Elevation of privilege in Google Android

High
Published: Tue Sep 02 2025 (09/02/2025, 22:11:16 UTC)
Source: CVE Database V5
Vendor/Project: Google
Product: Android

Description

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI-Powered Analysis

Last updated: 09/02/2025, 22:50:02 UTC

Technical Analysis

CVE-2025-22428 is a local elevation of privilege vulnerability affecting Google Android versions 13, 14, and 15. The flaw lies in the hasInteractAcrossUsersFullPermission method of AppInfoBase.java. Because of a logic error, an application belonging to a secondary user profile can be granted permissions from the primary user profile without the proper authorization checks. An attacker with local access can therefore escalate from a secondary user context to higher permissions, potentially those of the primary user. Exploitation requires no additional execution privileges and no user interaction, which makes the flaw easier for a local attacker or malicious app to leverage. No exploits have been reported in the wild so far, but because the affected Android versions are widely deployed, the vulnerability poses a significant risk. The absence of a CVSS score indicates that the vulnerability is newly disclosed and that formal impact metrics have yet to be assigned. The technical details nonetheless point to a serious weakness in Android's multi-user permission model that could be abused to bypass user separation and privilege boundaries on affected devices.

Potential Impact

For European organizations, the impact of CVE-2025-22428 could be substantial, especially for enterprises and government agencies that deploy Android devices with multi-user configurations or use Android tablets and smartphones in shared environments. An attacker exploiting this vulnerability could escalate privileges locally, potentially gaining access to sensitive data or administrative functions reserved for the primary user. This could lead to unauthorized data access, manipulation, or installation of persistent malicious software. In sectors such as finance, healthcare, and critical infrastructure, where Android devices are used for secure communications or operational control, this vulnerability could undermine device integrity and confidentiality. Additionally, the lack of required user interaction increases the risk of stealthy exploitation. Although the vulnerability requires local access, compromised or malicious apps could exploit it to elevate privileges without detection. This elevates the threat level for organizations relying on Android devices for secure operations, especially if endpoint security controls are insufficient to detect privilege escalation attempts.

Mitigation Recommendations

To mitigate CVE-2025-22428, organizations should prioritize updating affected Android devices to patched versions as soon as Google releases security updates addressing this flaw. Until patches are available, organizations should restrict installation of untrusted or third-party applications, especially those requesting permissions related to user management or cross-user interactions. Employing mobile device management (MDM) solutions to enforce strict app whitelisting and permission controls can reduce the attack surface. Additionally, disabling or limiting multi-user profiles on corporate devices where not needed can minimize exposure. Security teams should monitor device logs for unusual permission changes or privilege escalations and conduct regular audits of installed applications. User education about the risks of installing apps from unverified sources is also critical. For high-security environments, consider deploying endpoint detection and response (EDR) tools capable of identifying local privilege escalation behaviors on Android platforms.
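As an added example (not code from the advisory or from Google), the following fleet triage helper parses `adb shell getprop` and `adb shell pm list users` output and flags devices that run an affected release (13, 14 or 15 per the advisory), have not reached the fixing security patch level, and have secondary users configured, which is the precondition for this cross-user grant. The fixing patch level is not stated on the page, so it is a caller-supplied placeholder, and the sample device output is constructed.

```python
import re

# Android releases the advisory lists as affected by CVE-2025-22428.
AFFECTED_RELEASES = {"13", "14", "15"}

# `pm list users` prints lines like "UserInfo{10:Guest:404} running".
USER_RE = re.compile(r"UserInfo\{(\d+):([^:}]*):[0-9a-fA-F]+\}(\s+running)?")
# `getprop` prints lines like "[ro.build.version.release]: [14]".
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$", re.MULTILINE)


def parse_users(pm_list_users: str) -> list[tuple[int, str, bool]]:
    """Parse `adb shell pm list users` output into (user_id, name, running)."""
    return [(int(m.group(1)), m.group(2), m.group(3) is not None)
            for m in USER_RE.finditer(pm_list_users)]


def parse_props(getprop_output: str) -> dict[str, str]:
    """Parse `adb shell getprop` output into a key/value dict."""
    return {m.group(1): m.group(2) for m in PROP_RE.finditer(getprop_output)}


def assess(getprop_output: str, pm_list_users: str, fixed_patch_level: str) -> dict:
    """Classify one device. fixed_patch_level is the YYYY-MM-DD security patch
    level that carries the fix; it is NOT given in the advisory, so the caller
    must supply it from Google's bulletin (placeholder parameter)."""
    props = parse_props(getprop_output)
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")
    # User 0 is the primary user; anything else is a secondary user or profile.
    secondary = [u for u in parse_users(pm_list_users) if u[0] != 0]
    # ISO dates compare correctly as plain strings; missing patch level counts as unpatched.
    patched = bool(patch) and patch >= fixed_patch_level
    if release not in AFFECTED_RELEASES:
        status = "not_affected_release"
    elif patched:
        status = "patched"
    elif secondary:
        status = "exposed"  # unpatched and cross-user grant precondition present
    else:
        status = "unpatched_single_user"  # lower exposure; restrict adding users
    return {"release": release, "patch_level": patch,
            "secondary_users": [u[0] for u in secondary], "status": status}


# Constructed sample output for a hypothetical device (not a real capture).
SAMPLE_PROPS = ("[ro.build.version.release]: [14]\n"
                "[ro.build.version.security_patch]: [2025-06-05]\n")
SAMPLE_USERS = ("Users:\n"
                "\tUserInfo{0:Owner:c13} running\n"
                "\tUserInfo{10:Guest:404}\n")
```

Run it per device with the real patch level from the bulletin, e.g. `assess(SAMPLE_PROPS, SAMPLE_USERS, "<fixing patch level>")`, and feed the `status` field into the MDM inventory to prioritise updates and user-restriction policies.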


Technical Details

Data Version: 5.1
Assigner Short Name: google_android
Date Reserved: 2025-01-06T17:45:03.361Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68b77090ad5a09ad00e938af

Added to database: 9/2/2025, 10:32:48 PM

Last enriched: 9/2/2025, 10:50:02 PM

Last updated: 9/4/2025, 10:24:25 PM
