CVE-2025-48541 is a vulnerability identified in Google Android operating system versions 13, 14, 15, and 16. The flaw exists in the onCreate method of the FaceSettings.java component, where improper input validation allows an attacker to manipulate biometric unlock settings across multiple user profiles. Specifically, this vulnerability enables a local attacker with limited privileges to remove biometric unlock configurations without requiring additional execution privileges or user interaction. This is classified as a CWE-20 (Improper Input Validation) issue. The vulnerability can lead to elevation of privilege by bypassing biometric security controls, potentially granting unauthorized access to user data and device functions. The CVSS v3.1 base score is 7.8, reflecting high severity due to its impact on confidentiality, integrity, and availability, combined with low attack complexity and no need for user interaction. Although no exploits have been reported in the wild yet, the vulnerability poses a significant risk given the widespread use of Android devices globally. The lack of available patches at the time of publication necessitates immediate attention to mitigation strategies to prevent exploitation.

The vulnerability allows a local attacker to escalate privileges by disabling biometric unlock features across user profiles, undermining device security. This can lead to unauthorized access to sensitive data, bypassing biometric authentication mechanisms that protect user privacy and device integrity. The compromise of biometric settings can also affect device availability if security policies are altered or disabled. Organizations relying on Android devices for secure authentication, especially in multi-user environments, face increased risk of data breaches, unauthorized device control, and potential lateral movement within networks. The ease of exploitation without user interaction increases the threat level, particularly in environments where physical or local access to devices is possible. The impact extends to personal users, enterprises, and government agencies using affected Android versions, potentially leading to significant confidentiality, integrity, and availability losses.

1. Apply official security patches from Google promptly once they become available to address the vulnerability in FaceSettings.java. 2. Restrict local access to Android devices, especially in environments with multiple user profiles, to reduce the risk of exploitation. 3. Implement strict device management policies that monitor and log changes to biometric settings and user profiles. 4. Use mobile device management (MDM) solutions to enforce security configurations and detect unauthorized modifications. 5. Educate users about the risks of local privilege escalation and encourage secure device handling practices. 6. Temporarily disable biometric unlock features or restrict their use to single-user profiles where feasible until patches are applied. 7. Conduct regular security audits on Android devices to identify and remediate unauthorized changes to authentication settings. 8. Monitor threat intelligence feeds for updates on exploit availability and adjust defenses accordingly.