CVE-2025-20789Sensitive Info Insertion into Sent Data in Google Android

CWE-201Sensitive Info Insertion into Sent Data3 documents3 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 99.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedDec 2

Description

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages1 packages

NVDgoogle/android15.0

🔴Vulnerability Details

2
CVEList
CVE-2025-20789: In GPU pdma, there is a possible information disclosure due to a missing bounds check2025-12-02
GHSA
GHSA-x3cc-5qrm-92gc: In GPU pdma, there is a possible information disclosure due to a missing bounds check2025-12-02
CVE-2025-20789 — Google Android vulnerability | cvebase