
CVE-2025-48604: Information disclosure in Google Android

Severity: Medium
Published: Mon Dec 08 2025 (12/08/2025, 16:57:29 UTC)
Source: CVE Database V5
Vendor/Project: Google
Product: Android

Description

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

AI-Powered Analysis

Last updated: 12/17/2025, 16:50:07 UTC

Technical Analysis

CVE-2025-48604 is an information disclosure vulnerability identified in multiple locations within Google Android versions 13, 14, 15, and 16. The root cause is a missing permission check that allows a local attacker with limited privileges to read files belonging to other users on the same device. This vulnerability does not require additional execution privileges or user interaction, which lowers the barrier for exploitation. The flaw corresponds to CWE-862 (Missing Authorization), indicating that the system fails to properly verify whether the requesting user has the right to access certain files. The impact is primarily on confidentiality, as unauthorized access to files can lead to leakage of sensitive personal or corporate data stored on the device. The vulnerability does not affect data integrity or system availability. The CVSS v3.1 base score is 5.5 (medium), reflecting local attack vector, low complexity, required privileges, no user interaction, and high confidentiality impact. No patches or known exploits have been reported as of the publication date (December 8, 2025). This vulnerability is particularly relevant for environments where Android devices are shared among multiple users or where malicious apps could leverage local access to extract data. The lack of user interaction requirement increases the risk in unattended or compromised devices. Organizations relying on Android devices for sensitive operations should be aware of this vulnerability and prepare to apply fixes once available.

Potential Impact

For European organizations, this vulnerability poses a risk of unauthorized local information disclosure on Android devices used by employees or within corporate environments. Sensitive corporate or personal data stored on affected devices could be exposed to malicious local users or apps with limited privileges, potentially leading to privacy violations, intellectual property leaks, or compliance issues under GDPR. The absence of required user interaction and low complexity of exploitation increase the likelihood of internal threats or malware leveraging this flaw. Although it does not allow remote exploitation, the widespread use of Android devices in Europe, including BYOD policies and shared device scenarios, amplifies the risk. Confidentiality breaches could undermine trust, cause regulatory penalties, and necessitate costly incident response. The medium severity rating suggests moderate urgency, but organizations should prioritize mitigation in high-risk contexts such as government, finance, healthcare, and critical infrastructure sectors.

Mitigation Recommendations

1. Restrict local access to Android devices by enforcing strong device lock mechanisms (PIN, biometric) to prevent unauthorized physical access.
2. Limit installation of untrusted or unnecessary applications, especially those requesting file system access, through enterprise mobile device management (MDM) solutions.
3. Monitor and audit local file access patterns to detect anomalous behavior indicative of exploitation attempts.
4. Apply the principle of least privilege for apps and users on Android devices, minimizing granted permissions and segregating user profiles where possible.
5. Stay informed about official Google security bulletins and promptly apply patches or security updates once released for affected Android versions.
6. For shared devices, implement user separation and profile restrictions to reduce cross-user data exposure.
7. Educate users about the risks of sideloading apps or granting excessive permissions.
8. Consider deploying endpoint detection and response (EDR) tools capable of monitoring local file access on Android devices.

These measures focus on local access controls, permission management, and proactive monitoring tailored to this vulnerability's characteristics.


Technical Details

Data Version: 5.2
Assigner Short Name: google_android
Date Reserved: 2025-05-22T18:12:16.421Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6937058352c2eb5957f2f0d2

Added to database: 12/8/2025, 5:06:11 PM

Last enriched: 12/17/2025, 4:50:07 PM

Last updated: 2/4/2026, 3:16:12 AM

