What is GHSA-46q9-xg35-6h5q?

GHSA-46q9-xg35-6h5q is a security advisory published by GitHub Security Advisories with High severity. In multiple locations, there is a possible way for an application on a work profile to set the...

Which CVE IDs does GHSA-46q9-xg35-6h5q cover?

GHSA-46q9-xg35-6h5q covers the following CVE IDs: CVE-2025-48612. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-46q9-xg35-6h5q?

GHSA-46q9-xg35-6h5q has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-46q9-xg35-6h5qHighCVSS 7.8

In multiple locations, there is a possible way for an application on a work profile to set the...

Vendor

GitHub Security Advisories

Published

December 8, 2025

Last Modified

June 2, 2026

🔗 CVE IDs covered (1)

CVE-2025-48612 →

📋 Description

In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2025-48612
https://android.googlesource.com/platform/packages/apps/Settings/+/aa744e8988f0e7b77a71087edd4d2546b58d2f24
https://source.android.com/security/bulletin/2025-12-01
https://source.android.com/docs/security/bulletin/2026/2026-06-01
https://github.com/advisories/GHSA-46q9-xg35-6h5q