CVE-2025-32347: Elevation of privilege in Google Android
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
AI Analysis
Technical Summary
CVE-2025-32347 is a high-severity elevation-of-privilege vulnerability affecting Google Android versions 13 through 16. The flaw is in the onStart method of the BiometricEnrollIntroduction.java component, where an unsafe PendingIntent implementation could let an attacker determine the device's location. It is classified under CWE-926, which involves improper control of a resource through a dangerous reference, in this case the PendingIntent. Exploitation requires local access and user interaction but no additional execution privileges, so an app with limited permissions could use the flaw to escalate its privileges on the device. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) rates the impact on confidentiality, integrity, and availability as high; note that the vector's UI:N component does not match the user-interaction requirement stated in the description. No exploits are currently reported in the wild, but the nature and severity of the flaw, together with the widespread use of Android devices, make it a significant risk. An unsafe PendingIntent could allow attackers to intercept or manipulate the wrapped intent, which is how sensitive location information could leak and further malicious actions on the device could follow.
Potential Impact
For European organizations, this vulnerability poses a considerable risk, particularly for enterprises relying on Android devices for secure communications, authentication, or handling sensitive data. The ability to escalate privileges locally could allow attackers to bypass security controls, access confidential information, or disrupt device availability. This is especially critical for sectors such as finance, healthcare, and government, where data protection is paramount under regulations like GDPR. The location leakage aspect could also lead to privacy violations, undermining user trust and compliance with privacy laws. Furthermore, since user interaction is required, phishing or social engineering campaigns could be used to trigger exploitation, increasing the attack surface. The impact extends to mobile device management (MDM) environments where compromised devices could serve as entry points into corporate networks.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating affected Android devices to patched versions once available from Google or device manufacturers. In the interim, organizations should enforce strict application control policies to limit installation of untrusted apps that could exploit this vulnerability. Employing mobile threat defense solutions that detect suspicious local privilege escalation attempts can provide additional protection. User awareness training should emphasize the risks of interacting with untrusted prompts or applications, reducing the likelihood of successful exploitation requiring user interaction. Organizations should also review and tighten PendingIntent usage in custom applications to avoid similar unsafe implementations. For sensitive environments, consider restricting device features related to biometric enrollment or location services until patches are applied. Regular audits of device security posture and compliance with mobile security best practices will further reduce risk.
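As an added illustration (not the AOSP code from BiometricEnrollIntroduction.java, which this page does not show), the PendingIntent pattern that CWE-926 covers beside the hardened form a code review of custom applications should ask for; the action string and target activity class name are hypothetical.

```java
// Added example: unsafe vs. hardened PendingIntent construction. This is not the
// patched AOSP code; the action and class names below are hypothetical.
import android.app.PendingIntent;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.Build;

public final class PendingIntentHygiene {
    private static final String ACTION_ENROLL_DONE = "com.example.ENROLL_DONE"; // hypothetical

    // Unsafe: the wrapped intent is implicit (no component, no package) and the
    // PendingIntent is mutable. The app that receives it can fill in the target and
    // extras, and the system then delivers that intent with the creating app's identity
    // and permissions (for a system component, this may include location access).
    public static PendingIntent unsafe(Context ctx) {
        Intent implicit = new Intent(ACTION_ENROLL_DONE);
        int flags = PendingIntent.FLAG_UPDATE_CURRENT;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            flags |= PendingIntent.FLAG_MUTABLE; // pre-S, omitting FLAG_IMMUTABLE is mutable anyway
        }
        return PendingIntent.getActivity(ctx, 0, implicit, flags);
    }

    // Hardened: explicit component, pinned to our own package, and immutable so the
    // receiver cannot rewrite the action, component or extras before it is sent.
    public static PendingIntent hardened(Context ctx) {
        Intent explicit = new Intent(ACTION_ENROLL_DONE)
                .setComponent(new ComponentName(ctx, "com.example.ResultActivity")) // hypothetical
                .setPackage(ctx.getPackageName());
        int flags = PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE;
        return PendingIntent.getActivity(ctx, 0, explicit, flags);
    }

    // Review check: an intent wrapped in a PendingIntent should name an explicit target.
    public static boolean isExplicit(Intent intent) {
        return intent.getComponent() != null || intent.getPackage() != null;
    }
}
```

A lint rule or review checklist item that flags PendingIntent.get* calls where isExplicit would return false, or where FLAG_IMMUTABLE is absent, catches this class of defect before it ships.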
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: google_android
- Date Reserved: 2025-04-04T23:31:03.897Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68b9dcc588499799243c2f3c
Added to database: 9/4/2025, 6:39:01 PM
Last enriched: 9/11/2025, 8:11:14 PM
Last updated: 10/16/2025, 7:30:57 PM