CVE-2025-48609 is a security vulnerability identified in Google Android's MmsProvider.java component, specifically affecting versions 14, 15, and 16. The vulnerability arises from a path traversal error in multiple functions, which allows an attacker to delete arbitrary files related to telephony, SMS, and MMS functionalities. This deletion can cause a local denial of service (DoS) by disrupting core communication services on the device. Notably, exploitation does not require any additional execution privileges beyond what is already available locally, nor does it require user interaction, which increases the risk of automated or stealthy attacks. The path traversal flaw enables an attacker with local access to manipulate file paths improperly, bypassing intended access controls and deleting critical files. Although no known exploits have been reported in the wild, the vulnerability's presence in widely used Android versions makes it a significant concern. The lack of a CVSS score means severity must be assessed based on impact and exploitability factors. The vulnerability affects fundamental telephony and messaging services, which are integral to device operation and user communication. The absence of patches at the time of reporting underscores the need for vigilance and rapid response once fixes are released.

The primary impact of CVE-2025-48609 is a local denial of service affecting telephony, SMS, and MMS functionalities on Android devices. This disruption can prevent users from sending or receiving calls and messages, severely impacting personal and organizational communications. For enterprises relying on Android devices for critical communications, this could lead to operational downtime, loss of productivity, and potential safety risks if emergency communications are hindered. The vulnerability does not appear to allow privilege escalation or remote code execution, limiting its scope to local attackers. However, because no user interaction or elevated privileges are required, malicious apps or local attackers could exploit this flaw to cause persistent service outages. The inability to use core communication features could also affect mobile-dependent services, such as two-factor authentication via SMS or telephony-based alerts. While no data confidentiality breach is indicated, the integrity and availability of messaging services are compromised. The broad deployment of affected Android versions globally means the potential impact is widespread, especially in regions with high Android market share.

Organizations and users should monitor for official patches from Google addressing CVE-2025-48609 and apply them promptly to affected Android versions 14, 15, and 16. Until patches are available, restricting local access to devices and limiting installation of untrusted applications can reduce exploitation risk. Employing mobile device management (MDM) solutions to enforce application whitelisting and restrict permissions can help prevent malicious apps from exploiting the vulnerability. Regularly auditing device logs for unusual file deletion or telephony service disruptions may provide early indicators of exploitation attempts. Users should avoid installing apps from unknown sources and maintain updated security configurations. For organizations, isolating critical communication devices from untrusted networks and enforcing strong endpoint security policies will mitigate local attack vectors. Additionally, educating users about the risks of local exploitation and encouraging prompt reporting of telephony or messaging anomalies can aid in early detection. Once patches are released, thorough testing and rapid deployment across all affected devices are essential to restore service integrity and availability.