Google Chrome Android Sandbox Escalation via UAF
CVE-2025-48543 Published on September 4, 2025

In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

NVD

Known Exploited Vulnerability

This Android Runtime Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.

The following remediation steps are recommended / required by September 25, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2025-48543 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2025-48543 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2025-48543

stack.watch emails you whenever new vulnerabilities are published in Google Android or Google Chrome. Just hit a watch button to start following.

Google Android
 
Google Chrome
 

Affected Versions

Google Android:

Exploit Probability

EPSS
0.31%
Percentile
54.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.