{"id":85170,"date":"2025-10-31T02:45:58","date_gmt":"2025-10-31T02:45:58","guid":{"rendered":""},"modified":"2025-11-02T03:01:42","modified_gmt":"2025-11-02T09:01:42","slug":"cve-2025-48523-unauthorized-addition-of-contacts-due-to-java-logic-error","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-48523-unauthorized-addition-of-contacts-due-to-java-logic-error\/","title":{"rendered":"CVE-2025-48523: Unauthorized Addition of Contacts Due to Java Logic Error<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In this report, we are focusing on the CVE-2025-48523 vulnerability, a logic error in the onCreate function of SelectAccountActivity.java. This vulnerability allows unauthorized users to add contacts without necessary permissions, potentially leading to a local escalation of privilege. This can potentially compromise the system<\/a> or leak data. The issue is especially alarming as it does not require user interaction for exploitation, making it a serious threat for any entity using the affected products.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-48523
\nSeverity: High (7.8 CVSS Score)
\nAttack Vector: Local
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Unauthorized contact addition can lead<\/a> to local privilege escalation, potentially resulting in system compromise or data leakage.<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n