CVE-2025-22413 β€” Improper Check or Handling of Exceptional Conditions in Google Android

CWE-703 β€” Improper Check or Handling of Exceptional Conditions5 documents5 sources
Severity
4.0MEDIUMNVD
EPSS
0.0%
top 91.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedAug 26
Latest updateAug 27

Description

In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages1 packages

β–ΆCVEListV5google/androidAndroid kernel

πŸ”΄Vulnerability Details

3
GHSA
GHSA-xx9q-649r-gp4m: In multiple functions of hyp-main↗2025-08-27
β–Ά
CVEList
CVE-2025-22413: In multiple functions of hyp-main↗2025-08-26
β–Ά
OSV
CVE-2025-22413: In multiple functions of hyp-main↗2025-03-01
β–Ά

πŸ“‹Vendor Advisories

1
Android
CVE-2025-22413: KVM↗2025-03-01
β–Ά
CVE-2025-22413 β€” Google Android vulnerability | cvebase