Wiz
Vulnerability DatabaseCVE-2025-32322

CVE-2025-32322
NixOS vulnerability analysis and mitigation

Overview

CVE-2025-32322 is a security vulnerability discovered in Android's MediaProjectionPermissionActivity.java component. The vulnerability was disclosed on September 4, 2025, affecting Android versions 13.0 and 14.0. The issue stems from improper input validation that could allow a malicious app to obtain unauthorized screen recording capabilities (Android Bulletin).

Technical details

The vulnerability exists in the onCreate method of MediaProjectionPermissionActivity.java, where improper input validation could lead to unauthorized token generation for screen recording capabilities. The vulnerability has been assigned a CVSS 3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue has been classified under CWE-20 (Improper Input Validation) (NVD).

Impact

If exploited, this vulnerability could lead to local escalation of privilege, allowing a malicious application to gain unauthorized screen recording capabilities. The impact is significant as it requires no additional execution privileges or user interaction for exploitation (NVD).

Mitigation and workarounds

The vulnerability affects Android versions 13.0 and 14.0. Users and administrators should apply the security updates provided in the Android Security Bulletin once available (Android Bulletin).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-32322HIGH7.8
  • NixOSNixOS
  • android
NoNoSep 04, 2025
CVE-2025-26439HIGH7.8
  • NixOSNixOS
  • android
NoNoSep 04, 2025
CVE-2025-26431HIGH7.8
  • NixOSNixOS
  • android
NoNoSep 04, 2025
CVE-2025-22415MEDIUM4
  • NixOSNixOS
  • android
NoNoSep 04, 2025
CVE-2025-26419LOW3.3
  • NixOSNixOS
  • android
NoNoSep 04, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo