CVE-2025-8192

Published: Jul 31, 2025

Modified: Jul 31, 2025

PUBLISHED

Description

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function.

Vendor	Product	Versions
Android	TV	affected `0`

Weaknesses (CWE)

CWE-367

References

https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60309

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-8192

Description

Affected Products

Weaknesses (CWE)

References