
Overview

A new Android security flaw, CVE-2025-22421, has been identified in the contentDescForNotification function within the NotificationContentDescription.kt file. This vulnerability creates an opportunity for sensitive notification content to be displayed on the lock screen due to a simple logic mistake in the code. Worryingly, this issue exposes private information even without user interaction, requiring no special permissions or privileges from attackers.

This article explores the details of this vulnerability, shows the relevant code, and explains how attackers can exploit the flaw. You’ll also find references and helpful links for further reading.

What is NotificationContentDescription.kt?

NotificationContentDescription.kt is a Kotlin source file used in the Android notification system to manage accessibility and content descriptions for notifications. These content descriptions are intended to help users, especially those with accessibility needs, interact with notifications in a safe way.

The Vulnerability

The key issue with CVE-2025-22421 is a logic error in how notification content is handled for lock screens. Normally, sensitive notification content (like message previews) should be hidden on the lock screen unless a user specifically allows it in settings. The bug causes the app to bypass these restrictions and display information regardless of user preference.

Below is a simplified reconstruction of the vulnerable function, focusing on the logic error:

```kotlin
// NotificationContentDescription.kt (simplified reconstruction)
fun contentDescForNotification(notification: Notification, showOnLockscreen: Boolean): String {
    return if (showOnLockscreen) {
        // Show full content
        notification.contentText.toString()
    } else {
        // Only show app name or generic message
        notification.appName
    }
}

// Somewhere else, this function is incorrectly called with a hard-coded flag,
// so the user's lock-screen privacy setting is never consulted:
val description = contentDescForNotification(notification, true /* always true: the logic flaw */)
```

The issue: The showOnLockscreen parameter is always set to true due to a logic oversight, regardless of user privacy settings. As a result, sensitive notification content is shown on the lock screen, exposing private information to anyone who can view the screen.
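To make the failure mode concrete, here is an added example (not code from the article or from AOSP) in plain Kotlin that places the article's vulnerable shape beside a hardened one. The `Notification`, `Visibility` and `LockscreenPrefs` types are constructed stand-ins for Android's real notification object and per-user lock-screen settings, and `contentDescForLockscreen` is a hypothetical name; the hardened path derives the description from the user's settings and the notification's own visibility level instead of trusting a caller-supplied flag, which goes slightly beyond the article by also honouring a redacted public version and the "never show" case.

```kotlin
// Added example, not from the article or AOSP. Android's Notification class and
// settings plumbing are replaced by small constructed types so this runs with kotlinc.

enum class Visibility { PUBLIC, PRIVATE, SECRET }   // mirrors Notification.VISIBILITY_*

data class Notification(
    val appName: String,
    val contentText: String,
    val visibility: Visibility = Visibility.PRIVATE,
    val publicVersion: Notification? = null        // redacted copy an app may supply
)

// Constructed stand-in for the user's lock-screen privacy settings.
data class LockscreenPrefs(
    val showNotifications: Boolean,     // "Show notifications on lock screen"
    val allowPrivateContent: Boolean    // "Show sensitive content when locked"
)

// Vulnerable shape from the article: the caller decides, and the caller always says true.
fun contentDescVulnerable(n: Notification, showOnLockscreen: Boolean = true): String =
    if (showOnLockscreen) n.contentText else n.appName

// Hardened form (hypothetical name): the description follows the user's settings
// and the notification's visibility, never a flag the caller can get wrong.
fun contentDescForLockscreen(n: Notification, prefs: LockscreenPrefs): String? {
    if (!prefs.showNotifications) return null          // nothing on the lock screen at all
    return when (n.visibility) {
        Visibility.SECRET -> null                      // never surfaced while locked
        Visibility.PUBLIC -> n.contentText
        Visibility.PRIVATE ->
            if (prefs.allowPrivateContent) n.contentText
            else n.publicVersion?.contentText ?: n.appName   // redacted copy, else just the app
    }
}

fun main() {
    // Constructed sample notification mirroring the article's scenario.
    val secretMsg = Notification(
        appName = "Messages",
        contentText = "Can you send me your SSN?",
        publicVersion = Notification("Messages", "New message")
    )
    val hideSensitive = LockscreenPrefs(showNotifications = true, allowPrivateContent = false)

    println("vulnerable: " + contentDescVulnerable(secretMsg))                   // leaks the preview
    println("hardened:   " + contentDescForLockscreen(secretMsg, hideSensitive)) // "New message"

    check(contentDescForLockscreen(secretMsg, hideSensitive) == "New message")
    check(contentDescForLockscreen(secretMsg, hideSensitive.copy(allowPrivateContent = true))
            == secretMsg.contentText)
    check(contentDescForLockscreen(secretMsg.copy(visibility = Visibility.SECRET), hideSensitive) == null)
    check(contentDescForLockscreen(secretMsg, hideSensitive.copy(showNotifications = false)) == null)
}
```

The design point is that the decision to reveal content is made once, in the function that owns the privacy rule, from inputs the user controls; a boolean parameter that every caller must remember to compute correctly is exactly the kind of interface that produces the hard-coded `true` in the article.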

- No privileges required: Exploitation does not require rooting the device or installing extra apps.
- No user interaction: Exploitation does not require the user to click, tap or interact in any way.

Example Exploit

Suppose you receive a confidential message. Even if your settings say “Don’t show notification content on the lock screen,” the bug will display the message preview anyway:

LOCK SCREEN:
New message from John:
"Can you send me your SSN?"

- Developers: Patch the function so that it properly respects the user's privacy settings.

Fixed code:

```kotlin
fun contentDescForNotification(notification: Notification, showOnLockscreen: Boolean): String {
    // Read the user's lock-screen privacy preference instead of trusting the caller's
    // flag alone; checkUserLockscreenPreference() stands for that settings lookup.
    val shouldShow = showOnLockscreen && checkUserLockscreenPreference()
    return if (shouldShow) notification.contentText.toString() else notification.appName
}
```
- Users: Until an official update is released, consider disabling sensitive notifications from being shown on the lock screen via device Settings.

---

References & Further Reading

- Android Security Bulletin
- CVE-2025-22421 at NVD (URL may not be available until public disclosure)
- Notification Privacy Settings on Android

---

Conclusion

CVE-2025-22421 is a local information disclosure bug in Android that leaks notification content on lock screens because of a basic logic oversight in NotificationContentDescription.kt. While it doesn't require high technical skill or special system access to exploit, it can seriously impact user privacy. Users and developers should remain alert for updates and patches addressing this problem.

---

If you’re a developer, ensure your notification code always checks user privacy settings before displaying content. Users should routinely update devices and review notification privacy settings for better security.

Timeline

Published on: 09/02/2025 23:15:33 UTC
Last modified on: 09/04/2025 16:39:43 UTC