Wiz
Vulnerability DatabaseCVE-2025-48538

CVE-2025-48538
NixOS vulnerability analysis and mitigation

Overview

CVE-2025-48538 is a vulnerability discovered in Android's PackageManagerService.java, specifically in the setApplicationHiddenSettingAsUser function. The vulnerability was disclosed on September 4, 2025, affecting Android versions 13.0 through 16.0 (NVD).

Technical details

The vulnerability exists due to improper input validation in the setApplicationHiddenSettingAsUser function of PackageManagerService.java. It has been assigned a CVSS 3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-20 (Improper Input Validation) (NVD).

Impact

The vulnerability allows an attacker to hide system critical packages, which could lead to local denial of service. The impact is particularly severe as hiding SystemUI makes the phone impossible to use, even when executed within a managed profile (Android Code).

Mitigation and workarounds

Google has released a security patch as part of the September 2025 security update. The fix prevents the hiding of SystemUI through the vulnerable function. Users are advised to update their Android devices to the security patch level 2025-09-05 or later (Android Bulletin).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-14330CRITICAL9.8
  • NixOSNixOS
  • rhel10::firefox-flatpak
NoYesDec 09, 2025
CVE-2025-14329HIGH8.8
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox
NoYesDec 09, 2025
CVE-2025-14333HIGH8.1
  • NixOSNixOS
  • firefox
NoYesDec 09, 2025
CVE-2025-14332HIGH7.3
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox
NoYesDec 09, 2025
CVE-2025-14331MEDIUM6.5
  • NixOSNixOS
  • rhel10::thunderbird-flatpak
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo