CVE-2025-26422 — Platform Frameworks Base vulnerability

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 15:0 < 15:2025-05-01	15:2025-05-01

Android

CVE-2025-26422: Android Security Bulletin 2025-05-01 CVE: CVE-2025-26422 Severity: HIGH Type: EoP Affected AOSP versions: 15 References: A-383328827

vendor_android·2025-05-01·CVSS 4.0

CVE-2025-26422 [MEDIUM] CVE-2025-26422: Android Security Bulletin 2025-05-01 CVE: CVE-2025-26422 Severity: HIGH Type: EoP Affected AOSP versions: 15 References: A-383328827 Android Security Bulletin 2025-05-01 CVE: CVE-2025-26422 Severity: HIGH Type: EoP Affected AOSP versions: 15 References: A-383328827

GHSA

GHSA-fghc-c4mf-q7p3: In dump of WindowManagerService

ghsa_unreviewed·2025-09-04

CVE-2025-26422 [MEDIUM] CWE-279 GHSA-fghc-c4mf-q7p3: In dump of WindowManagerService In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-26422: In dump of WindowManagerService

osv·2025-05-01

CVE-2025-26422 CVE-2025-26422: In dump of WindowManagerService In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26422: In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could…

Affected