CVE-2025-48541: Elevation of privilege in Google Android

Severity: High
Type: Vulnerability
Published: Thu Sep 04 2025 (09/04/2025, 18:34:20 UTC)
Source: CVE Database V5
Vendor/Project: Google
Product: Android

Description

In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI-Powered Analysis

Last updated: 09/11/2025, 20:26:36 UTC

Technical Analysis

CVE-2025-48541 is a high-severity local privilege escalation vulnerability affecting Google Android versions 13 through 16. The flaw exists in the FaceSettings.java component, specifically within the onCreate method, where improper input validation allows an attacker to remove biometric unlock capabilities across user profiles. This vulnerability stems from CWE-20, indicating insufficient input validation. Exploitation does not require user interaction or additional execution privileges beyond those of the local user, making it a potent vector for privilege escalation. By exploiting this flaw, a local attacker can elevate their privileges, potentially gaining access to restricted biometric authentication settings and bypassing security controls tied to biometric unlock features. The vulnerability impacts confidentiality, integrity, and availability, as it can lead to unauthorized access and modification of biometric settings, undermining device security. Although no known exploits are currently reported in the wild, the vulnerability's characteristics and high CVSS score (7.8) underscore the urgency for remediation. The lack of a publicly available patch at the time of disclosure necessitates proactive mitigation strategies by affected users and organizations.

Potential Impact

For European organizations, this vulnerability poses significant risks, especially for enterprises relying on Android devices for secure authentication and access control. The ability to remove biometric unlock across user profiles can lead to unauthorized access to sensitive corporate data and systems, potentially facilitating lateral movement within networks. This is particularly concerning for sectors with stringent data protection requirements, such as finance, healthcare, and government agencies. The local nature of the exploit means that physical or local access to devices is required, which could be leveraged in scenarios involving lost or stolen devices or insider threats. The compromise of biometric authentication undermines trust in device security, potentially leading to data breaches and compliance violations under regulations like GDPR. Additionally, the impact on device availability and integrity could disrupt business operations reliant on secure mobile platforms.

Mitigation Recommendations

Given the absence of an official patch at the time of this report, European organizations should implement layered mitigation strategies. First, enforce strict physical security controls to limit unauthorized local access to Android devices, including secure storage and device tracking. Second, restrict the use of biometric authentication to trusted users and consider disabling biometric unlock temporarily on devices in high-risk environments until patches are available. Third, implement mobile device management (MDM) solutions to monitor device configurations and detect unauthorized changes to biometric settings. Fourth, educate users about the risks of local privilege escalation and the importance of reporting lost or stolen devices promptly. Finally, maintain vigilance for updates from Google and apply security patches immediately upon release to remediate the vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: google_android
Date Reserved: 2025-05-22T18:11:09.315Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68b9dcc688499799243c2f9a

Added to database: 9/4/2025, 6:39:02 PM

Last enriched: 9/11/2025, 8:26:36 PM

Last updated: 10/19/2025, 12:59:15 AM
