—

CVE-2025-48651PATCHED

google · android

CVE-2025-48651: StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467

Description

StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899.

Affected Products

Vendor	Product	Versions
google	android	Android SoC

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
google	android	cert_advisory	90%

References

https://source.android.com/docs/security/bulletin/2026/2026-04-01(vendor-advisory)

Related News (3 articles)

Tier D

SecurityWeek2h ago

Severe StrongBox Vulnerability Patched in Android

→ No new info (linked only)

Tier B

BSI Advisories6h ago

[NEU] [mittel] Google Android: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB21h ago

CVE-2025-48651 | Google Android privilege escalation

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://source.android.com/docs/security/bulletin/2026/2026-04-01

CWECWE-20, CWE-264

PublishedApr 6, 2026

Last enriched2h agov3

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 153

HIGHCVE-2026-3909EXPKEV

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Trending: 65

HIGHCVE-2026-0049EXP

CVE-2026-0049: In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhausti

Trending: 65

HIGHCVE-2026-3910EXPKEV

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi

Trending: 65

HIGHCVE-2026-2441EXPKEV

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Trending: 45

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 6, 2026

Discovered by ZDM

Apr 6, 2026

Updated: description, severity

Apr 6, 2026

Patch Available

Apr 7, 2026

Updated: cweIds, tags

Apr 7, 2026

Version History

Last enriched 2h ago

v3Tier D2h ago

Updated description with technical details, changed severity to HIGH, and added new CWE IDs and tags.

cweIdstags

via SecurityWeek

v2Tier C21h ago

Updated description with technical details, changed severity to HIGH, and clarified exploit availability.

descriptionseverity

via VulDB

v121h ago

Initial creation