CVE-2025-48628: Information disclosure in Google Android
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AI Analysis
Technical Summary
CVE-2025-48628 is a vulnerability in the PrintManagerService component of Google Android, specifically in the validateIconUserBoundary function, which is responsible for checking that print icon images stay within the boundary of the user that owns them. Because of a confused deputy problem, the function does not enforce that boundary correctly, so a local attacker can obtain images belonging to other users on the same device. The result is an information disclosure in which images or icons intended for one user become accessible to another. Exploitation requires no execution privileges beyond local access and no user interaction, which makes the flaw easier to abuse on shared, multi-user devices or where an attacker has already gained local access by other means. A local escalation of privilege is possible because data can be read across user boundaries, potentially bypassing Android's multi-user security model.
The affected Android versions are 13, 14, 15, and 16, which cover a large share of devices currently in use. No public exploits are known at this time, but a flaw of this nature could be used in targeted attacks or chained with other vulnerabilities to increase impact. No CVSS score has been assigned, so severity must be judged from the technical details: the vulnerability affects confidentiality, is exploitable locally without user interaction, and touches a broad user base given Android's popularity. It was published on December 8, 2025, with a reservation date in May 2025, indicating recent discovery and disclosure.
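To make the failure mode concrete, the following is an added Python model (not Android's code and not the PrintManagerService implementation) of the check a confused-deputy bug of this kind bypasses: a privileged service resolves an icon URI on a caller's behalf, and the user id carried in the URI's authority (Android's userId@authority form) is compared with the calling user before the lookup. All function names, the icon store and the sample URIs are constructed for illustration.

```python
import re
from typing import Optional

# Android content URIs may carry the owning user in the authority,
# e.g. content://10@com.example.printer/icons/1 (user 10). This regex is a
# simplified parser for the model, not Android's ContentProvider logic.
_CONTENT_URI = re.compile(r"^content://(?:(\d+)@)?([^/]+)(/.*)?$")


class CrossUserAccess(Exception):
    """Raised when a caller references an icon owned by another user."""


def user_id_from_uri(uri: str) -> Optional[int]:
    """Return the user id encoded in a content URI, or None if absent."""
    m = _CONTENT_URI.match(uri)
    if not m:
        raise ValueError(f"not a content URI: {uri}")
    return int(m.group(1)) if m.group(1) else None


def validate_icon_user_boundary(icon_uri: str, calling_user_id: int) -> str:
    """Pin an icon URI to the calling user before a privileged lookup.

    A URI without an explicit user is rewritten to the caller's user; a URI
    naming a different user is rejected instead of being resolved with the
    service's own cross-user privileges.
    """
    target = user_id_from_uri(icon_uri)
    if target is None:
        return re.sub(r"^content://", f"content://{calling_user_id}@", icon_uri, count=1)
    if target != calling_user_id:
        raise CrossUserAccess(f"user {calling_user_id} may not read user {target}'s icon")
    return icon_uri


def resolve_as_system(store: dict, uri: str) -> bytes:
    """Constructed stand-in for a lookup running with cross-user privilege."""
    return store[uri]


def fetch_icon_unchecked(store: dict, icon_uri: str, calling_user_id: int) -> bytes:
    # Confused deputy: the caller's URI is resolved with the service's own
    # privilege, so a URI naming another user's icon is honoured.
    return resolve_as_system(store, icon_uri)


def fetch_icon_checked(store: dict, icon_uri: str, calling_user_id: int) -> bytes:
    # Hardened: the boundary check runs before the privileged lookup.
    return resolve_as_system(store, validate_icon_user_boundary(icon_uri, calling_user_id))
```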
Potential Impact
For European organizations, especially those whose employees use Android devices for work or share devices in corporate or public environments, this vulnerability poses a risk of unauthorized access to sensitive images or data stored in other user profiles. The confidentiality breach could expose proprietary or personal information, undermining privacy and compliance with regulations such as GDPR. Organizations relying on Android devices for secure communications or document handling face increased risk from insider threats or local attackers exploiting this flaw to escalate privileges and access restricted data. Managed devices in sectors such as finance, healthcare, and government, where multi-user devices or kiosks are common, could also be affected. Although the vulnerability requires local access, exploitation without user interaction raises the threat level in environments where physical device access is possible or where malware has already gained a local foothold. The absence of known exploits limits immediate widespread impact but does not eliminate the risk of future exploitation. The broad range of affected Android versions means many devices in use across Europe remain vulnerable until patches are applied.
Mitigation Recommendations
- Prioritize deploying security updates from Google as soon as patches become available for affected Android versions 13 through 16.
- Until patches are released, restrict physical and local access to Android devices, especially in shared or public environments, to reduce the risk of exploitation.
- Implement strict device management policies that limit installation of untrusted applications, and monitor for suspicious local activity that could indicate exploitation attempts.
- Use mobile device management (MDM) solutions to enforce security configurations and apply updates promptly.
- Educate users about the risks of local device compromise and require strong authentication to prevent unauthorized local access.
- For high-security environments, consider disabling multi-user features or restricting user switching to minimize cross-user data leakage.
- Regularly audit device logs and access patterns to detect anomalies.
- Coordinate with vendors and security teams to stay informed about patch releases and emerging exploit reports for this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: google_android
- Date Reserved: 2025-05-22T18:12:31.616Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6937058552c2eb5957f2f126
Added to database: 12/8/2025, 5:06:13 PM
Last enriched: 12/8/2025, 5:23:26 PM
Last updated: 12/9/2025, 4:05:40 AM