CVE-2025-48562: 
NixOS vulnerability analysis and mitigation

CVE-2025-48562 is a local information disclosure vulnerability discovered in Android's RemotePrintDocument.java component, specifically in the writeContent function. The vulnerability was disclosed on September 4, 2025, and affects multiple versions of the Android operating system including Android 13.0, 14.0, 15.0, and 16.0. This security flaw was included in Google's September 2025 Android Security Bulletin (Android Bulletin, NVD).

The vulnerability stems from a logic error in the writeContent function of RemotePrintDocument.java, which could lead to information disclosure. It has been assigned a CVSS v3.1 base score of 5.0 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N. The vulnerability requires local access and user interaction for exploitation, but does not require elevated execution privileges (NVD).

The vulnerability can result in local information disclosure, potentially exposing sensitive data to unauthorized users. While the impact is limited to information disclosure with no ability to modify or delete data, the confidentiality impact is rated as High in the CVSS scoring (NVD).

Google has released a patch for this vulnerability in the September 2025 security update. The fix involves modifying the behavior of the writeContent function to prevent information disclosure. Users are advised to update their Android devices to the latest security patch level dated 2025-09-05 or later (Android Bulletin, Google Patch).