CVE-2025-32328 is a vulnerability identified in Google Android operating system versions 13, 14, and 15, specifically within multiple functions of the Session.java file. The root cause is a logic error that improperly handles user session data, enabling a local attacker to access images belonging to other users on the same device. This flaw constitutes an elevation of privilege because it allows a user with limited privileges to gain unauthorized access to sensitive data without requiring additional execution privileges or user interaction. The vulnerability affects confidentiality by exposing private images, integrity by potentially allowing unauthorized modification of user data, and availability if exploited to disrupt normal user sessions. The attack vector is local, meaning the attacker must have physical or local access to the device, but no complex conditions such as social engineering or elevated privileges are needed. The CVSS v3.1 base score of 7.8 reflects a high severity level, with metrics indicating low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no known exploits have been reported in the wild, the vulnerability's nature and impact make it a critical concern for Android users and organizations relying on these versions. The absence of patch links suggests that a fix may still be pending or in development, underscoring the need for vigilance and interim mitigations.

The vulnerability allows unauthorized local users to access images belonging to other users on the same Android device, breaching confidentiality and potentially leading to privacy violations. This can be particularly damaging in multi-user environments such as shared devices or corporate-owned mobile devices with multiple profiles. The integrity of user data may also be compromised if attackers manipulate or delete images or other session-related data. Availability could be affected if exploitation disrupts session management or causes application crashes. Organizations relying on Android devices for sensitive communications or data storage face increased risk of data leakage and insider threats. The ease of exploitation without user interaction or elevated privileges increases the likelihood of exploitation once a local attacker gains device access. This may facilitate further attacks or lateral movement within an organization’s mobile ecosystem. The lack of known exploits in the wild currently limits immediate widespread impact, but the vulnerability remains a significant risk until patched.

1. Monitor official Google Android security bulletins and apply patches promptly once released for versions 13, 14, and 15. 2. Enforce strict physical security controls to limit local access to devices, reducing the risk of local exploitation. 3. Implement device encryption and strong authentication mechanisms to prevent unauthorized local access. 4. Use mobile device management (MDM) solutions to restrict installation of untrusted applications and enforce security policies. 5. Limit the number of users on shared devices and segregate user profiles to minimize cross-user data exposure. 6. Conduct regular audits of device usage and access logs to detect suspicious local activity. 7. Educate users about the risks of leaving devices unattended or accessible to untrusted individuals. 8. Consider disabling or restricting features that allow multiple user sessions if not required. These measures, combined with timely patching, will reduce the risk and impact of exploitation.