CVE-2025-32320 is a vulnerability identified in the System UI component of Google Android version 16. The issue arises from a confused deputy problem, where the System UI improperly enforces access controls, allowing a local attacker to view images belonging to other users on the same device. This vulnerability enables a local escalation of privilege without requiring additional execution privileges or user interaction, meaning an attacker with limited access can exploit it silently. The vulnerability affects confidentiality by exposing private images, integrity by potentially allowing unauthorized modification of data, and availability by possibly disrupting normal system operations. It is classified under CWE-441, which involves improper access control leading to unauthorized resource access. The CVSS v3.1 base score is 7.8, reflecting high severity with attack vector local, low attack complexity, low privileges required, no user interaction, and high impacts on confidentiality, integrity, and availability. Although no public exploits are known yet and no patches have been released, the vulnerability poses a significant risk to multi-user Android devices, especially in environments where multiple user profiles exist on a single device. The System UI's role in managing user interface elements and access control makes this vulnerability critical to address promptly.

The vulnerability allows unauthorized local users to access other users' private images, breaching confidentiality and potentially leading to privacy violations. The elevation of privilege can enable attackers to perform actions beyond their intended permissions, compromising system integrity. Availability may also be affected if the exploit disrupts System UI operations. Organizations relying on Android 16 devices, particularly those supporting multiple user profiles or shared devices, face risks of data leakage and unauthorized access. This can lead to reputational damage, regulatory non-compliance (especially in privacy-sensitive sectors), and potential lateral movement within compromised devices. The lack of required user interaction and low privilege needed for exploitation increases the likelihood of successful attacks in environments where local access is possible, such as corporate or shared devices.

Until official patches are released, organizations should restrict physical and local access to Android 16 devices to trusted users only. Implement device management policies that limit the creation of multiple user profiles or restrict access between profiles. Monitor devices for unusual access patterns or unauthorized attempts to access other users' data. Employ endpoint detection and response (EDR) solutions capable of detecting privilege escalation attempts on Android devices. Educate users about the risks of sharing devices and encourage the use of strong authentication methods to limit unauthorized local access. Once patches become available from Google, prioritize immediate deployment across all affected devices. Additionally, consider isolating sensitive data using application-level encryption or sandboxing to reduce exposure in case of privilege escalation.