CVE-2025-48620

In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application’s component name to persist even after uninstalling due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

More information : https://android.googlesource.com/platform/frameworks/base/+/84dd2b90f4a2ea1ebc5b78f08f14c5a3b92c9c2d