
CVE-2025-32346: Elevation of privilege in Google Android

Severity: High
Type: Vulnerability
Published: Thu Sep 04 2025 (09/04/2025, 18:34:00 UTC)
Source: CVE Database V5
Vendor/Project: Google
Product: Android

Description

In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI-Powered Analysis

Last updated: 09/11/2025, 20:11:05 UTC

Technical Analysis

CVE-2025-32346 is a high-severity elevation of privilege vulnerability affecting Google Android version 16. The flaw is in the onActivityResult method of VoicemailSettingsActivity.java. It is a confused deputy problem through which a work profile contact number may be leaked. The leak can be exploited locally to escalate privileges, with no additional execution privileges and no user interaction required. The vulnerability is classified under CWE-441, Unintended Proxy or Intermediary ('Confused Deputy').

The CVSS v3.1 base score is 7.8 (High). The attack vector is local (AV:L), with low attack complexity (AC:L), low privileges required (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no known exploits are currently in the wild and no patches have been linked yet, the vulnerability allows an attacker with limited local access to gain elevated privileges by exploiting the confused deputy issue in the voicemail settings activity. This could lead to unauthorized access to sensitive work profile contact information and potentially further compromise of the device or data.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially in environments where Android devices separate personal and work profiles, such as BYOD (Bring Your Own Device) scenarios or corporate mobile device management. The leakage of work profile contact numbers could expose sensitive corporate contact information, facilitating social engineering or targeted attacks. The elevation of privilege could allow attackers to bypass security controls, access restricted data, or install malicious software, undermining device integrity and confidentiality. Given the high impact on confidentiality, integrity, and availability, this vulnerability could disrupt business operations, lead to data breaches, and damage organizational reputation. The lack of required user interaction increases the risk of stealthy exploitation, making it a critical concern for organizations relying on Android devices for secure communications and data handling.

Mitigation Recommendations

Organizations should prioritize updating affected Android devices to patched versions as soon as they become available from Google or device manufacturers. Until patches are released, applying strict mobile device management (MDM) policies to limit local access and enforce least privilege principles can reduce risk. Disabling or restricting the use of voicemail settings or work profile features on vulnerable devices may mitigate exposure. Monitoring device logs for unusual activity related to voicemail or profile settings can help detect exploitation attempts. Additionally, educating users about the risks of local privilege escalation and encouraging the use of strong device locks and encryption can further reduce attack surface. Enterprises should also consider isolating sensitive work profiles from less secure personal profiles and regularly auditing device configurations to ensure compliance with security policies.


Technical Details

Data Version: 5.1
Assigner Short Name: google_android
Date Reserved: 2025-04-04T23:31:03.896Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68b9dcc588499799243c2f39

Added to database: 9/4/2025, 6:39:01 PM

Last enriched: 9/11/2025, 8:11:05 PM

Last updated: 10/16/2025, 7:34:05 PM
