CVE-2025-48561: 
NixOS vulnerability analysis and mitigation

CVE-2025-48561 is a high-severity information disclosure vulnerability discovered in the Android Framework. The vulnerability was disclosed on September 4, 2025, and affects multiple versions of the Android operating system including Android 13.0 through 16.0. The vulnerability exists in multiple locations where there is a possible way to access data displayed on the screen due to side channel information disclosure (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction for exploitation. The vulnerability has been classified under CWE-203 (Observable Discrepancy) and primarily affects confidentiality with no impact on integrity or availability (NVD).

The vulnerability could lead to local information disclosure with no additional execution privileges needed. The high confidentiality impact rating suggests that the vulnerability could allow complete disclosure of all data on the affected system (NVD, CIS Security).

Google has released security patches as part of the September 2025 Android Security Bulletin. Users are advised to update their Android devices to the latest security patch level dated 2025-09-05 or later to address this vulnerability (Android Security Bulletin).