Medium

Android Framework factory reset in DSU mode due to missing permission check

IdentifiersCVE-2025-48614CWE-862· Missing Authorization

CVE-2025-48614 is an Android Framework vulnerability in rebootWipeUserData of RecoverySystem.java. The issue is caused by a missing permission check, which makes it possible to trigger a factory reset while the device is in DSU mode. According to the provided description, exploitation does not require additional execution privileges and does not require user interaction. The resulting condition is a local denial-of-service scenario through unauthorized wiping of user data and forced device reset behavior.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause a factory reset of the affected Android device while in DSU mode, resulting in physical denial of service and destruction of user data on the device. The primary impact is loss of availability and loss of locally stored data, with the attack achievable without elevated privileges or user interaction once the vulnerable code path is reachable.

Mitigation

If you can’t patch tonight, do this now.

Until patches are deployed, reduce exposure by restricting local app installation to trusted sources, minimizing the ability for untrusted code to execute on affected devices, and limiting use of devices in configurations where DSU mode may be available to untrusted local actors. Enterprise controls such as application allowlisting, managed device policies, and rapid deployment of the December 2025 Android update can reduce risk. No specific workaround beyond patching is provided in the supplied content.

Remediation

Patch, then assume compromise.

Apply the Android security update that addresses CVE-2025-48614, as included in Google’s December 2025 Android Security Bulletin. Devices updated to the 2025-12-05 patch level are described as fully remediated for issues in the bulletin. OEM and downstream vendors should incorporate the upstream fix that adds the required permission enforcement in the affected RecoverySystem.java code path.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GoogleAndroidoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app

cyberthroneNews

Dec 2, 2025

Android Patch Update December 2025

Android Framework information-disclosure/denial-of-service issue fixed in the December 2025 bulletin.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-48614

NVD

nvd.nist.gov/vuln/detail/CVE-2025-48614

MITRE CWE · CWE-862

Missing Authorization

Patch

android.googlesource.com/platform/frameworks/base/+/ec0c32ea736ba3c594352c345358a778334bc773

Vendor Advisory

source.android.com/security/bulletin/2025-12-01