CVE-2025-48574 — In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privileg — CVE Database · The Intelligence Room