CVE-2025-26428
Published 2025-09-04
Low · 3.2 · CVSS 3.1
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 13:0 < 13:2025-05-01 | 13:2025-05-01 |
| platform | frameworks_base | >= 14:0 < 14:2025-05-01 | 14:2025-05-01 |
| platform | frameworks_base | >= 15-next:0 < 15-next:2025-05-01 | 15-next:2025-05-01 |
| platform | frameworks_base | >= 15:0 < 15:2025-05-01 | 15:2025-05-01 |
GHSA
GHSA-8r65-jwf6-5j33: In startLockTaskMode of LockTaskController
ghsa_unreviewed·2025-09-04
CVE-2025-26428 [LOW] CWE-290 GHSA-8r65-jwf6-5j33: In startLockTaskMode of LockTaskController
OSV
CVE-2025-26428: In startLockTaskMode of LockTaskController
osv·2025-05-01
Android
CVE-2025-26428: Android Security Bulletin 2025-05-01
CVE: CVE-2025-26428
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15
References: A-378514614
vendor_android·2025-05-01·CVSS 3.2
CVE-2025-26428 [LOW]: Android Security Bulletin 2025-05-01
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.