CVE-2024-43093

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 7 articles Published: 2024-11-13

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.16%

probability

This CVE has a 0.16% probability of being exploited in the next 30 days.

0% Top 36.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.3

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Products

Google

Android

15 14 13 12L 12

Attack Intelligence

CWE-172 CWE-176 · Improper Handling of Unicode Encoding CWE-707 · Improper Neutralization

Google Project Zero

Patched

Nov. 4, 2024

Reported by

LSPosed Developers

Root Cause Analysis

???

https://android.googlesource.com/platform/frameworks/base/+/7f83c671626f9bf993581f4598c22482d87cba10

https://source.android.com/security/bulletin/2025-03-01

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.16%

CVSS v3.1 7.3

Mentions 7

Last Seen May 05, 2026

CNA Information

CNA Assigner

google_android

Analyst Note

CVE-2024-43093 demonstrates clear evidence of active exploitation in the wild, with reported use by Serbian authorities and documented attacks covered by multiple reputable sources. The HIGH CVSS score (7.3) combined with confirmation from Google Project Zero and multiple exploitation reports provides strong validation of the CONFIRMED status.