In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-02
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2025-48645 here:
Use Tor Browser to access .onion site.
https://sonitex.com/exploit-112-cve-2026-2959/
https://sonitex.com/exploit-426-cve-2025-70821/