{"id":"ASB-A-417463103", "published":"2025-12-01T00:00:00Z", "modified":"2026-04-03T15:37:31.002635057Z", "aliases":["CVE-2025-48575", "A-417463103"], "details":"In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/CertInstaller", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16-qpr2-next:0"}, {"fixed":"16-qpr2-next:2025-12-01"}]}], "versions":["16-qpr2-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["103901496256402229466384503393723912277", "18720809403064552219339165216168260749", "339184450843653545803881638117511054369", "231613157017717151000699649961671672941", "70333851653190860079119448811246161127", "26035587186077096286353624074125104970", "288419741676857396493676388736201793928", "200337263394288613267087409979321800511", "54351694185754919688428504293171576740", "58436935891895855494212249124821043883", "175227009910536180962869042720108157788", "310425033356234360515752687754908154223", "237679515135809758716672149636918968073", "140460426784432020406851187952926095305", "84039475043011529676134854347230257512", "272376954987418974850270982791694601547", "263378475441229504566891868693789061969", "274397148266025622781274972943212023279", "277823449955477155607831026498176776591"], "threshold":0.9}, "id":"ASB-A-417463103-08e0f027", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303", "target":{"file":"src/com/android/certinstaller/CertInstaller.java"}}, {"deprecated":false, "digest":{"line_hashes":["208070268995805349569930411797753651390", "123169669983335258228418061914981102109", "326280069694882229128194079846587371275", "119592523063725283780946789109431786739", "340056697021609642581914470448081083279", "153581026166356616010233739207154478967", "158607895903461804740738833703222485111", "200181950237130712912379191503056275440", "276310727171001443104913996003416432747", "260513266408957088855040176064490511864"], "threshold":0.9}, "id":"ASB-A-417463103-14d11b7b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java"}}, {"deprecated":false, "digest":{"function_hash":"258150643077968048156757358353350276237", "length":94}, "id":"ASB-A-417463103-32d79917", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java", "function":"calledBySettings"}}, {"deprecated":false, "digest":{"function_hash":"35132757605557818009020706293083755770", "length":318}, "id":"ASB-A-417463103-81d85b62", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"extractPkcs12OrInstall"}}, {"deprecated":false, "digest":{"function_hash":"32761022413947671591330254487883083729", "length":453}, "id":"ASB-A-417463103-dc6b9a85", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"onExtractionDone"}}]}}, {"package":{"name":"platform/packages/apps/CertInstaller", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"15:0"}, {"fixed":"15:2025-12-01"}]}], "versions":["15"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["208070268995805349569930411797753651390", "123169669983335258228418061914981102109", "326280069694882229128194079846587371275", "119592523063725283780946789109431786739", "340056697021609642581914470448081083279", "153581026166356616010233739207154478967", "158607895903461804740738833703222485111", "200181950237130712912379191503056275440", "276310727171001443104913996003416432747", "260513266408957088855040176064490511864"], "threshold":0.9}, "id":"ASB-A-417463103-241447f2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java"}}, {"deprecated":false, "digest":{"function_hash":"258150643077968048156757358353350276237", "length":94}, "id":"ASB-A-417463103-839435d9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java", "function":"calledBySettings"}}, {"deprecated":false, "digest":{"function_hash":"32761022413947671591330254487883083729", "length":453}, "id":"ASB-A-417463103-840850aa", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"onExtractionDone"}}, {"deprecated":false, "digest":{"line_hashes":["103901496256402229466384503393723912277", "18720809403064552219339165216168260749", "339184450843653545803881638117511054369", "231613157017717151000699649961671672941", "70333851653190860079119448811246161127", "26035587186077096286353624074125104970", "288419741676857396493676388736201793928", "200337263394288613267087409979321800511", "54351694185754919688428504293171576740", "58436935891895855494212249124821043883", "175227009910536180962869042720108157788", "310425033356234360515752687754908154223", "237679515135809758716672149636918968073", "140460426784432020406851187952926095305", "84039475043011529676134854347230257512", "272376954987418974850270982791694601547", "263378475441229504566891868693789061969", "274397148266025622781274972943212023279", "277823449955477155607831026498176776591"], "threshold":0.9}, "id":"ASB-A-417463103-bfccb368", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76", "target":{"file":"src/com/android/certinstaller/CertInstaller.java"}}, {"deprecated":false, "digest":{"function_hash":"35132757605557818009020706293083755770", "length":318}, "id":"ASB-A-417463103-c8d82620", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"extractPkcs12OrInstall"}}]}}, {"package":{"name":"platform/packages/apps/CertInstaller", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"16:0"}, {"fixed":"16:2025-12-01"}]}], "versions":["16"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"258150643077968048156757358353350276237", "length":94}, "id":"ASB-A-417463103-333b691d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java", "function":"calledBySettings"}}, {"deprecated":false, "digest":{"line_hashes":["103901496256402229466384503393723912277", "18720809403064552219339165216168260749", "339184450843653545803881638117511054369", "231613157017717151000699649961671672941", "70333851653190860079119448811246161127", "26035587186077096286353624074125104970", "288419741676857396493676388736201793928", "200337263394288613267087409979321800511", "54351694185754919688428504293171576740", "58436935891895855494212249124821043883", "175227009910536180962869042720108157788", "310425033356234360515752687754908154223", "237679515135809758716672149636918968073", "140460426784432020406851187952926095305", "84039475043011529676134854347230257512", "272376954987418974850270982791694601547", "263378475441229504566891868693789061969", "274397148266025622781274972943212023279", "277823449955477155607831026498176776591"], "threshold":0.9}, "id":"ASB-A-417463103-3c2ebc0c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66", "target":{"file":"src/com/android/certinstaller/CertInstaller.java"}}, {"deprecated":false, "digest":{"function_hash":"35132757605557818009020706293083755770", "length":318}, "id":"ASB-A-417463103-3c77c937", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"extractPkcs12OrInstall"}}, {"deprecated":false, "digest":{"line_hashes":["208070268995805349569930411797753651390", "123169669983335258228418061914981102109", "326280069694882229128194079846587371275", "119592523063725283780946789109431786739", "340056697021609642581914470448081083279", "153581026166356616010233739207154478967", "158607895903461804740738833703222485111", "200181950237130712912379191503056275440", "276310727171001443104913996003416432747", "260513266408957088855040176064490511864"], "threshold":0.9}, "id":"ASB-A-417463103-51dab54d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java"}}, {"deprecated":false, "digest":{"function_hash":"32761022413947671591330254487883083729", "length":453}, "id":"ASB-A-417463103-c2071a52", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"onExtractionDone"}}]}}, {"package":{"name":"platform/packages/apps/CertInstaller", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2025-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"35132757605557818009020706293083755770", "length":318}, "id":"ASB-A-417463103-0c6a8a0f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"extractPkcs12OrInstall"}}, {"deprecated":false, "digest":{"function_hash":"258150643077968048156757358353350276237", "length":94}, "id":"ASB-A-417463103-2bf31d94", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java", "function":"calledBySettings"}}, {"deprecated":false, "digest":{"line_hashes":["208070268995805349569930411797753651390", "123169669983335258228418061914981102109", "326280069694882229128194079846587371275", "119592523063725283780946789109431786739", "340056697021609642581914470448081083279", "153581026166356616010233739207154478967", "158607895903461804740738833703222485111", "200181950237130712912379191503056275440", "276310727171001443104913996003416432747", "260513266408957088855040176064490511864"], "threshold":0.9}, "id":"ASB-A-417463103-6b13dd0c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java"}}, {"deprecated":false, "digest":{"line_hashes":["103901496256402229466384503393723912277", "18720809403064552219339165216168260749", "339184450843653545803881638117511054369", "231613157017717151000699649961671672941", "70333851653190860079119448811246161127", "26035587186077096286353624074125104970", "288419741676857396493676388736201793928", "200337263394288613267087409979321800511", "54351694185754919688428504293171576740", "58436935891895855494212249124821043883", "175227009910536180962869042720108157788", "310425033356234360515752687754908154223", "237679515135809758716672149636918968073", "140460426784432020406851187952926095305", "84039475043011529676134854347230257512", "272376954987418974850270982791694601547", "263378475441229504566891868693789061969", "274397148266025622781274972943212023279", "277823449955477155607831026498176776591"], "threshold":0.9}, "id":"ASB-A-417463103-6e792385", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CertInstaller.java"}}, {"deprecated":false, "digest":{"function_hash":"32761022413947671591330254487883083729", "length":453}, "id":"ASB-A-417463103-f46cbe4b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"onExtractionDone"}}]}}, {"package":{"name":"platform/packages/apps/CertInstaller", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2025-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"], "severity":"High", "spl":"2025-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"32761022413947671591330254487883083729", "length":453}, "id":"ASB-A-417463103-02a51deb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"onExtractionDone"}}, {"deprecated":false, "digest":{"function_hash":"258150643077968048156757358353350276237", "length":94}, "id":"ASB-A-417463103-23d2f4a0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java", "function":"calledBySettings"}}, {"deprecated":false, "digest":{"line_hashes":["208070268995805349569930411797753651390", "123169669983335258228418061914981102109", "326280069694882229128194079846587371275", "119592523063725283780946789109431786739", "340056697021609642581914470448081083279", "153581026166356616010233739207154478967", "158607895903461804740738833703222485111", "200181950237130712912379191503056275440", "276310727171001443104913996003416432747", "260513266408957088855040176064490511864"], "threshold":0.9}, "id":"ASB-A-417463103-8208a35c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CredentialHelper.java"}}, {"deprecated":false, "digest":{"function_hash":"35132757605557818009020706293083755770", "length":318}, "id":"ASB-A-417463103-d9f5e0ad", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CertInstaller.java", "function":"extractPkcs12OrInstall"}}, {"deprecated":false, "digest":{"line_hashes":["103901496256402229466384503393723912277", "18720809403064552219339165216168260749", "339184450843653545803881638117511054369", "231613157017717151000699649961671672941", "70333851653190860079119448811246161127", "26035587186077096286353624074125104970", "288419741676857396493676388736201793928", "200337263394288613267087409979321800511", "54351694185754919688428504293171576740", "58436935891895855494212249124821043883", "175227009910536180962869042720108157788", "310425033356234360515752687754908154223", "237679515135809758716672149636918968073", "140460426784432020406851187952926095305", "84039475043011529676134854347230257512", "272376954987418974850270982791694601547", "263378475441229504566891868693789061969", "274397148266025622781274972943212023279", "277823449955477155607831026498176776591"], "threshold":0.9}, "id":"ASB-A-417463103-f29c455f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0", "target":{"file":"src/com/android/certinstaller/CertInstaller.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/d688ebdbfd404df1e25654bfdf9e790ad9f0db3c"}]}