CVE-2025-48604: Information disclosure in Google Android
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
AI Analysis
Technical Summary
CVE-2025-48604 is a vulnerability identified in Google Android versions 13, 14, 15, and 16, where multiple locations in the operating system lack proper permission checks. This flaw allows a local attacker to read files belonging to other users on the same device without needing additional execution privileges or user interaction. The vulnerability arises from missing enforcement of access control mechanisms, enabling unauthorized local information disclosure. Since Android is a multi-user system, this can lead to exposure of sensitive user data, potentially including personal files, credentials, or application data. The vulnerability does not require elevated privileges or social engineering, which increases the risk of exploitation by malicious apps or local attackers with physical or logical access to the device. No public exploits have been reported yet, but the flaw's nature suggests it could be leveraged in targeted attacks or by malware to harvest sensitive information. The absence of a CVSS score indicates that the vulnerability is newly published, and detailed impact metrics are not yet available. However, the technical details confirm that the attack vector is local, and the impact is primarily confidentiality loss. Android's widespread deployment in smartphones, tablets, and embedded devices makes this a significant concern for users and organizations relying on these devices for secure communications and data storage.
Potential Impact
For European organizations, this vulnerability poses a risk to the confidentiality of sensitive information stored on Android devices used by employees. Since exploitation requires only local access and no user interaction, attackers with physical access or malware with local execution capabilities can extract data from other user profiles on the device. This could lead to leakage of corporate emails, credentials, or proprietary data, undermining privacy and compliance with regulations such as GDPR. The impact is particularly critical for sectors with high mobile device usage, including finance, healthcare, and government agencies. Additionally, the vulnerability could facilitate lateral movement within compromised devices or networks if attackers gain initial footholds. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, especially as threat actors often develop exploits rapidly after disclosure. The potential for widespread impact is high given Android's dominant market share in Europe, affecting both consumer and enterprise devices.
Mitigation Recommendations
Organizations should prioritize monitoring for updates from Google and Android device manufacturers and apply security patches promptly once available. Until patches are released, restricting physical and logical local access to devices is critical. Implementing strong device access controls such as biometric locks, PINs, and encryption can reduce the risk of unauthorized local access. Enterprises should enforce mobile device management (MDM) policies that limit installation of untrusted applications and restrict app permissions to minimize the attack surface. Regular audits of device configurations and user privileges can help detect anomalies. Additionally, educating users about the risks of local device sharing and encouraging secure handling of devices can mitigate exploitation opportunities. For highly sensitive environments, consider isolating critical data from mobile devices or using containerization solutions to segregate corporate data from personal profiles. Continuous monitoring for unusual file access patterns on devices may help detect exploitation attempts early.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: google_android
- Date Reserved: 2025-05-22T18:12:16.421Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6937058352c2eb5957f2f0d2
Added to database: 12/8/2025, 5:06:11 PM
Last enriched: 12/8/2025, 5:26:32 PM
Last updated: 12/9/2025, 4:06:11 AM