What the vulnerability does
01Description
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
CVSS base score
6.2/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Key dates
02Disclosure timeline
February 9, 2023
CVE published
March 24, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-65021 Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)
CVE-2023-0837
CVE-2026-30959 OneUptime has WhatsApp Resend Verification Authorization Bypass
CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function
CVE-2026-10272 a4m4 Student-Management-System deleteform.php improper authorization
