CVE-2025-32345: 
NixOS vulnerability analysis and mitigation

CVE-2025-32345 is a local privilege escalation vulnerability discovered in Android's ContentProtectionTogglePreferenceController.java component, disclosed on September 04, 2025. The vulnerability affects Android versions 15 and 16, allowing a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code (AttackerKB, ASEC).

The vulnerability exists in the updateState function of ContentProtectionTogglePreferenceController.java, where a logic error allows unauthorized modification of security settings. The vulnerability has been assigned a CVSS v3 Base Score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The attack vector is Local, requires Low privileges, and needs No user interaction for exploitation (AttackerKB).

The vulnerability allows a secondary user to escalate privileges locally without requiring additional execution privileges. This could lead to unauthorized modification of security settings, specifically the ability to disable the primary user's deceptive app scanning setting, potentially compromising the system's security posture (CIS Advisory).

Google has released a security patch in the September 2025 security update to address this vulnerability. Users are advised to update their Android devices to the latest security patch level dated 2025-09-05 or later. The fix involves preventing non-admin users from enabling the Content Protection toggle (Android Source).