CVE-2025-48528 is a vulnerability identified in Google Android versions 15 and 16 that allows local elevation of privilege via a tapjacking or overlay attack targeting biometric authentication interfaces. The issue arises from insufficient protection against overlay windows in multiple locations within the Android biometric authentication flow. An attacker can create a transparent or deceptive overlay that intercepts or manipulates biometric prompts, effectively bypassing biometric security checks without requiring any additional execution privileges or user interaction. This means an attacker with local access—such as through a malicious app or compromised process—can escalate privileges by tricking the system into accepting unauthorized biometric input. The vulnerability is classified under CWE-266, which relates to improper access control. The CVSS v3.1 base score is 4.0, with attack vector local, low attack complexity, no privileges required, no user interaction, and limited confidentiality impact. No integrity or availability impacts are noted. No patches or exploits are currently publicly available, but the vulnerability poses a risk to the security of biometric authentication on affected Android versions. The flaw undermines the trustworthiness of biometric security, potentially allowing attackers to bypass biometric locks and gain elevated access to device functions or data.

The primary impact of CVE-2025-48528 is unauthorized local privilege escalation on affected Android devices, potentially allowing attackers to bypass biometric authentication mechanisms. This can lead to unauthorized access to sensitive device functions or data that are normally protected by biometric controls. Although the vulnerability does not directly compromise data confidentiality or system integrity broadly, it weakens a critical security barrier, increasing the risk of further exploitation or lateral movement on the device. Organizations relying on Android devices for secure authentication, especially in regulated industries or those handling sensitive information, may face increased risk of unauthorized access. The lack of required user interaction and no need for additional privileges makes exploitation easier for local attackers, such as malicious apps or insiders. However, the attack requires local access, limiting remote exploitation risk. The absence of known exploits in the wild reduces immediate threat but does not eliminate future risk. Overall, the vulnerability could undermine user trust in biometric security and complicate compliance with security policies requiring strong authentication.

To mitigate CVE-2025-48528, organizations and users should prioritize updating affected Android devices to versions where the vulnerability is patched once available. Until patches are released, consider the following specific mitigations: 1) Restrict installation of untrusted or third-party applications that could attempt local overlay attacks by enforcing strict app vetting and using mobile device management (MDM) policies. 2) Enable Google Play Protect and other runtime app scanning tools to detect potentially malicious apps that might exploit overlay capabilities. 3) Disable or limit the use of overlay permissions for apps, especially those not requiring such permissions for core functionality. 4) Educate users about the risks of installing apps from unknown sources and the importance of biometric security. 5) Monitor device logs and behavior for unusual overlay activity or biometric prompt anomalies. 6) Employ additional authentication factors where possible to reduce reliance solely on biometrics. 7) For high-security environments, consider temporarily disabling biometric authentication until patches are applied. These measures go beyond generic advice by focusing on controlling overlay permissions and app installation policies to reduce attack surface.