CVE-2025-48550 is a medium-severity vulnerability affecting Google Android versions 13 through 16. The flaw exists in the testGrantSlicePermission method within SliceManagerTest.java, where a path traversal error can be exploited to cause a permanent local denial of service (DoS). Specifically, the vulnerability arises from improper validation of file paths, allowing an attacker to traverse directories and potentially disrupt the normal functioning of the SliceManager component. Exploitation does not require user interaction and only requires local privileges (PR:L), meaning an attacker with limited access to the device can trigger the DoS condition. The impact is limited to availability, with no confidentiality or integrity compromise. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), indicating that the root cause is insufficient sanitization of file path inputs. Although no public exploits are known at this time and no patches have been linked, the vulnerability is significant because it can cause a persistent denial of service, potentially requiring device reboot or factory reset to recover. The CVSS 3.1 base score is 5.5, reflecting medium severity due to the local attack vector and limited scope of impact.

For European organizations, this vulnerability poses a risk primarily to Android devices used within corporate environments, especially those running affected versions (13 to 16). The denial of service could disrupt mobile workflows, impede access to critical applications, or cause operational downtime on affected devices. In sectors relying heavily on mobile communications and Android-based applications—such as finance, healthcare, and public administration—this could degrade productivity and service availability. Although the attack requires local access, insider threats or malware that gains limited privileges could exploit this flaw to disrupt device availability. The lack of need for user interaction increases the risk of automated or stealthy exploitation once local access is obtained. However, since the vulnerability does not compromise data confidentiality or integrity, the impact is confined to availability, which may limit the overall business risk but still represents a significant operational concern.

To mitigate this vulnerability, European organizations should prioritize updating Android devices to versions beyond 16 once patches are released by Google. Until patches are available, organizations should enforce strict device access controls to prevent unauthorized local access, including robust endpoint security solutions and mobile device management (MDM) policies that restrict installation of untrusted applications and limit privilege escalation. Monitoring for unusual device behavior indicative of denial of service conditions should be implemented. Additionally, organizations should educate users about the risks of granting local access to untrusted parties and consider isolating critical Android devices from high-risk environments. For developers and security teams, reviewing and hardening path validation logic in custom Android applications and internal tools can reduce the risk of similar path traversal issues. Finally, maintaining an inventory of Android devices and their OS versions will help prioritize remediation efforts.