CVE-2025-26424 — Improper Access Control

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 15-next:0 < 15-next:2025-05-01	15-next:2025-05-01
platform	frameworks_base	>= 15:0 < 15:2025-05-01	15:2025-05-01

GHSA

GHSA-x46w-jwvq-4wr7: In multiple functions of VpnManager

ghsa_unreviewed·2025-09-04

CVE-2025-26424 [MEDIUM] CWE-284 GHSA-x46w-jwvq-4wr7: In multiple functions of VpnManager In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-26424: In multiple functions of VpnManager

osv·2025-05-01

CVE-2025-26424 CVE-2025-26424: In multiple functions of VpnManager In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-26424: Android Security Bulletin 2025-05-01 CVE: CVE-2025-26424 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-341253275

vendor_android·2025-05-01·CVSS 4.0

CVE-2025-26424 [MEDIUM] CVE-2025-26424: Android Security Bulletin 2025-05-01 CVE: CVE-2025-26424 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-341253275 Android Security Bulletin 2025-05-01 CVE: CVE-2025-26424 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-341253275

CVE-2025-26424: In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information…

Affected