CVE-2025-22419: 
NixOS vulnerability analysis and mitigation

CVE-2025-22419 is a local privilege escalation vulnerability affecting Android operating system versions 13, 14, and 15. The vulnerability was disclosed in the April 2025 Android Security Bulletin and involves a tapjacking/overlay attack that could mislead users into enabling malicious phone calls forwarding (Android Bulletin).

The vulnerability exists in multiple locations within the Android system where a tapjacking/overlay attack could be executed to manipulate phone call forwarding settings. It has been assigned a CVSS v3.1 Base Score of 7.3 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The attack requires local access, low attack complexity, low privileges, and user interaction (AttackerKB).

If successfully exploited, this vulnerability could lead to local privilege escalation. The high CVSS impact scores for Confidentiality, Integrity, and Availability (all rated as High) indicate that successful exploitation could result in significant system compromise (AttackerKB).

Google has released patches for this vulnerability in the April 2025 security update. The fix includes preventing overlays on Telephony settings screens by ensuring only system overlays are allowed. Users should update their Android devices to the latest security patch level (Android Source).