VYPR

PackageInstallerCN

by Samsung Mobile

CVEs (3)

  • CVE-2025-20974MedMay 7, 2025
    risk 0.40cvss 6.1epss 0.00

    Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation.

  • CVE-2023-30728Sep 6, 2023
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction.

  • CVE-2021-0305Feb 10, 2021
    risk 0.00cvss epss 0.01

    In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…