CVE-2025-48545 is a vulnerability identified in the AccountManagerService component of Google Android operating systems versions 13 through 16. The flaw exists in the isSystemUid method, where a confused deputy problem allows a local application with limited privileges to invoke privileged APIs improperly. This occurs because the method incorrectly validates the caller's identity, permitting privilege escalation without requiring additional execution privileges or user interaction. The vulnerability is classified under CWE-441 (Incorrect Authorization) and can lead to unauthorized access to sensitive information and privileged operations, compromising both confidentiality and integrity of the system. The CVSS v3.1 base score is 7.1, reflecting high severity due to the ease of exploitation (local access with low complexity), significant impact on confidentiality and integrity, and no need for user interaction. Although no public exploits have been reported, the vulnerability poses a substantial risk to Android devices, especially in environments where local app installation is possible. The flaw does not affect system availability and is limited to local privilege escalation scenarios. The absence of patches at the time of publication necessitates immediate attention from security teams to monitor for updates and implement interim controls.

This vulnerability can have severe consequences for organizations and individuals using affected Android versions. Exploitation allows a local app to escalate privileges and access sensitive APIs, potentially leading to unauthorized disclosure of confidential data, manipulation of system settings, or unauthorized actions that compromise system integrity. For enterprises, this could mean exposure of corporate data on mobile devices, undermining mobile device management (MDM) controls and increasing the risk of insider threats or malware persistence. The lack of user interaction requirement makes automated or stealthy exploitation feasible once local access is gained, increasing the attack surface. Although availability is not impacted, the breach of confidentiality and integrity can lead to data leaks, compliance violations, and erosion of trust in mobile security. The threat is particularly critical in sectors relying heavily on Android devices for sensitive communications and operations, such as finance, healthcare, and government.

Organizations should immediately inventory Android devices to identify those running versions 13 through 16 and prioritize them for security review. Since no patches are currently available, interim mitigations include restricting installation of untrusted or third-party applications through enterprise app stores or MDM policies, enforcing strict app permission controls, and monitoring for unusual app behavior indicative of privilege escalation attempts. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions capable of detecting suspicious local privilege escalations. Educate users on the risks of installing unknown apps and encourage use of Google Play Protect or similar security services. Once Google releases patches, apply them promptly. Additionally, consider implementing device-level encryption and strong authentication to reduce the impact of potential data exposure. Regularly review security advisories for updates on exploit availability and patch releases.