{"id":"ASB-A-409780975","details":"In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-409780975","CVE-2025-32333"],"modified":"2026-04-17T15:55:28.020024Z","published":"2025-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/591ea09a63e577a9ed666006e70430cc4f245078"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-next:0"},{"fixed":"16-next:2025-09-01"}]}],"versions":["16-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/b2ee5ccf5b79d50cf53a86716042f0e2d7ff42ad"],"types":["EoP"],"spl":"2025-09-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-409780975.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-09-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/65bb641d78c146921693ef894c3bdebc5b87660d"],"types":["EoP"],"spl":"2025-09-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-409780975.json"}}],"schema_version":"1.7.5"}