CVE-2025-20696Out-of-bounds Write in Google Android

CWE-787Out-of-bounds Write4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 97.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google AndroidLinuxfoundation YoctoOpenwrt+2 more
Timeline
PublishedAug 4
Latest updateSep 1

Description

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages5 packages

NVDgoogle/android13.0, 14.0, 15.0+2
NVDopenwrt/openwrt21.02.0, 23.05+1
NVDrdkcentral/rdk-b2024q1

🔴Vulnerability Details

2
CVEList
CVE-2025-20696: In DA, there is a possible out of bounds write due to a missing bounds check2025-08-04
GHSA
GHSA-5h33-6pvx-h384: In DA, there is a possible out of bounds write due to a missing bounds check2025-08-04

📋Vendor Advisories

1
Android
CVE-2025-20696: DA2025-09-01
CVE-2025-20696 — Out-of-bounds Write in Google Android | cvebase