{"id":"ASB-A-417463103","details":"In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-417463103","CVE-2025-48575"],"modified":"2026-04-10T16:16:18.068628Z","published":"2025-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/d688ebdbfd404df1e25654bfdf9e790ad9f0db3c"}],"affected":[{"package":{"name":"platform/packages/apps/CertInstaller","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-qpr2-next:0"},{"fixed":"16-qpr2-next:2025-12-01"}]}],"versions":["16-qpr2-next"],"ecosystem_specific":{"severity":"High","spl":"2025-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"],"vanir_signatures":[{"digest":{"line_hashes":["103901496256402229466384503393723912277","18720809403064552219339165216168260749","339184450843653545803881638117511054369","231613157017717151000699649961671672941","70333851653190860079119448811246161127","26035587186077096286353624074125104970","288419741676857396493676388736201793928","200337263394288613267087409979321800511","54351694185754919688428504293171576740","58436935891895855494212249124821043883","175227009910536180962869042720108157788","310425033356234360515752687754908154223","237679515135809758716672149636918968073","140460426784432020406851187952926095305","84039475043011529676134854347230257512","272376954987418974850270982791694601547","263378475441229504566891868693789061969","274397148266025622781274972943212023279","277823449955477155607831026498176776591"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-08e0f027","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"},{"digest":{"line_hashes":["208070268995805349569930411797753651390","123169669983335258228418061914981102109","326280069694882229128194079846587371275","119592523063725283780946789109431786739","340056697021609642581914470448081083279","153581026166356616010233739207154478967","158607895903461804740738833703222485111","200181950237130712912379191503056275440","276310727171001443104913996003416432747","260513266408957088855040176064490511864"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-14d11b7b","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"},{"digest":{"length":94,"function_hash":"258150643077968048156757358353350276237"},"signature_type":"Function","target":{"function":"calledBySettings","file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-32d79917","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"},{"digest":{"length":318,"function_hash":"35132757605557818009020706293083755770"},"signature_type":"Function","target":{"function":"extractPkcs12OrInstall","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-81d85b62","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"},{"digest":{"length":453,"function_hash":"32761022413947671591330254487883083729"},"signature_type":"Function","target":{"function":"onExtractionDone","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-dc6b9a85","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/46580f2f6f027dfe2284382184785f2979677303"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"}},{"package":{"name":"platform/packages/apps/CertInstaller","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-12-01"}]}],"versions":["15"],"ecosystem_specific":{"severity":"High","spl":"2025-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"],"vanir_signatures":[{"digest":{"line_hashes":["208070268995805349569930411797753651390","123169669983335258228418061914981102109","326280069694882229128194079846587371275","119592523063725283780946789109431786739","340056697021609642581914470448081083279","153581026166356616010233739207154478967","158607895903461804740738833703222485111","200181950237130712912379191503056275440","276310727171001443104913996003416432747","260513266408957088855040176064490511864"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-241447f2","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"},{"digest":{"length":94,"function_hash":"258150643077968048156757358353350276237"},"signature_type":"Function","target":{"function":"calledBySettings","file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-839435d9","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"},{"digest":{"length":453,"function_hash":"32761022413947671591330254487883083729"},"signature_type":"Function","target":{"function":"onExtractionDone","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-840850aa","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"},{"digest":{"line_hashes":["103901496256402229466384503393723912277","18720809403064552219339165216168260749","339184450843653545803881638117511054369","231613157017717151000699649961671672941","70333851653190860079119448811246161127","26035587186077096286353624074125104970","288419741676857396493676388736201793928","200337263394288613267087409979321800511","54351694185754919688428504293171576740","58436935891895855494212249124821043883","175227009910536180962869042720108157788","310425033356234360515752687754908154223","237679515135809758716672149636918968073","140460426784432020406851187952926095305","84039475043011529676134854347230257512","272376954987418974850270982791694601547","263378475441229504566891868693789061969","274397148266025622781274972943212023279","277823449955477155607831026498176776591"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-bfccb368","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"},{"digest":{"length":318,"function_hash":"35132757605557818009020706293083755770"},"signature_type":"Function","target":{"function":"extractPkcs12OrInstall","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-c8d82620","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/cb9f6a5f1e9ac1e89348ba36a69e90041d9a1a76"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"}},{"package":{"name":"platform/packages/apps/CertInstaller","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16:0"},{"fixed":"16:2025-12-01"}]}],"versions":["16"],"ecosystem_specific":{"severity":"High","spl":"2025-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"],"vanir_signatures":[{"digest":{"length":94,"function_hash":"258150643077968048156757358353350276237"},"signature_type":"Function","target":{"function":"calledBySettings","file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-333b691d","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"},{"digest":{"line_hashes":["103901496256402229466384503393723912277","18720809403064552219339165216168260749","339184450843653545803881638117511054369","231613157017717151000699649961671672941","70333851653190860079119448811246161127","26035587186077096286353624074125104970","288419741676857396493676388736201793928","200337263394288613267087409979321800511","54351694185754919688428504293171576740","58436935891895855494212249124821043883","175227009910536180962869042720108157788","310425033356234360515752687754908154223","237679515135809758716672149636918968073","140460426784432020406851187952926095305","84039475043011529676134854347230257512","272376954987418974850270982791694601547","263378475441229504566891868693789061969","274397148266025622781274972943212023279","277823449955477155607831026498176776591"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-3c2ebc0c","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"},{"digest":{"length":318,"function_hash":"35132757605557818009020706293083755770"},"signature_type":"Function","target":{"function":"extractPkcs12OrInstall","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-3c77c937","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"},{"digest":{"line_hashes":["208070268995805349569930411797753651390","123169669983335258228418061914981102109","326280069694882229128194079846587371275","119592523063725283780946789109431786739","340056697021609642581914470448081083279","153581026166356616010233739207154478967","158607895903461804740738833703222485111","200181950237130712912379191503056275440","276310727171001443104913996003416432747","260513266408957088855040176064490511864"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-51dab54d","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"},{"digest":{"length":453,"function_hash":"32761022413947671591330254487883083729"},"signature_type":"Function","target":{"function":"onExtractionDone","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-c2071a52","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/2f858ccb45cd1e1efd3175a217e06c06c109db66"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"}},{"package":{"name":"platform/packages/apps/CertInstaller","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-12-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","spl":"2025-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"],"vanir_signatures":[{"digest":{"length":318,"function_hash":"35132757605557818009020706293083755770"},"signature_type":"Function","target":{"function":"extractPkcs12OrInstall","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-0c6a8a0f","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"length":94,"function_hash":"258150643077968048156757358353350276237"},"signature_type":"Function","target":{"function":"calledBySettings","file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-2bf31d94","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"line_hashes":["208070268995805349569930411797753651390","123169669983335258228418061914981102109","326280069694882229128194079846587371275","119592523063725283780946789109431786739","340056697021609642581914470448081083279","153581026166356616010233739207154478967","158607895903461804740738833703222485111","200181950237130712912379191503056275440","276310727171001443104913996003416432747","260513266408957088855040176064490511864"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-6b13dd0c","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"line_hashes":["103901496256402229466384503393723912277","18720809403064552219339165216168260749","339184450843653545803881638117511054369","231613157017717151000699649961671672941","70333851653190860079119448811246161127","26035587186077096286353624074125104970","288419741676857396493676388736201793928","200337263394288613267087409979321800511","54351694185754919688428504293171576740","58436935891895855494212249124821043883","175227009910536180962869042720108157788","310425033356234360515752687754908154223","237679515135809758716672149636918968073","140460426784432020406851187952926095305","84039475043011529676134854347230257512","272376954987418974850270982791694601547","263378475441229504566891868693789061969","274397148266025622781274972943212023279","277823449955477155607831026498176776591"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-6e792385","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"length":453,"function_hash":"32761022413947671591330254487883083729"},"signature_type":"Function","target":{"function":"onExtractionDone","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-f46cbe4b","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"}},{"package":{"name":"platform/packages/apps/CertInstaller","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-12-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","spl":"2025-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"],"vanir_signatures":[{"digest":{"length":453,"function_hash":"32761022413947671591330254487883083729"},"signature_type":"Function","target":{"function":"onExtractionDone","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-02a51deb","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"length":94,"function_hash":"258150643077968048156757358353350276237"},"signature_type":"Function","target":{"function":"calledBySettings","file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-23d2f4a0","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"line_hashes":["208070268995805349569930411797753651390","123169669983335258228418061914981102109","326280069694882229128194079846587371275","119592523063725283780946789109431786739","340056697021609642581914470448081083279","153581026166356616010233739207154478967","158607895903461804740738833703222485111","200181950237130712912379191503056275440","276310727171001443104913996003416432747","260513266408957088855040176064490511864"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CredentialHelper.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-8208a35c","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"length":318,"function_hash":"35132757605557818009020706293083755770"},"signature_type":"Function","target":{"function":"extractPkcs12OrInstall","file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-d9f5e0ad","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"},{"digest":{"line_hashes":["103901496256402229466384503393723912277","18720809403064552219339165216168260749","339184450843653545803881638117511054369","231613157017717151000699649961671672941","70333851653190860079119448811246161127","26035587186077096286353624074125104970","288419741676857396493676388736201793928","200337263394288613267087409979321800511","54351694185754919688428504293171576740","58436935891895855494212249124821043883","175227009910536180962869042720108157788","310425033356234360515752687754908154223","237679515135809758716672149636918968073","140460426784432020406851187952926095305","84039475043011529676134854347230257512","272376954987418974850270982791694601547","263378475441229504566891868693789061969","274397148266025622781274972943212023279","277823449955477155607831026498176776591"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/certinstaller/CertInstaller.java"},"signature_version":"v1","deprecated":false,"id":"ASB-A-417463103-f29c455f","source":"https://android.googlesource.com/platform/packages/apps/CertInstaller/+/8b39e00f4c0692bf4e8da81dabdf49aab40a88d0"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-417463103.json"}}],"schema_version":"1.7.5"}