CVE-2025-26437 — Missing Authorization

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 15:0 < 15:2025-06-01	15:2025-06-01
platform	frameworks_base	>= 16-next:0 < 16-next:2025-06-01	16-next:2025-06-01

GHSA

GHSA-pjf4-3fg6-h6rp: In CredentialManagerServiceStub of CredentialManagerService

ghsa_unreviewed·2025-09-05

CVE-2025-26437 [MEDIUM] CWE-862 GHSA-pjf4-3fg6-h6rp: In CredentialManagerServiceStub of CredentialManagerService In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-26437: In CredentialManagerServiceStub of CredentialManagerService

osv·2025-06-01

CVE-2025-26437 CVE-2025-26437: In CredentialManagerServiceStub of CredentialManagerService In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-26437: Android Security Bulletin 2025-06-01 CVE: CVE-2025-26437 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-370477460

vendor_android·2025-06-01·CVSS 5.5

CVE-2025-26437 [MEDIUM] CVE-2025-26437: Android Security Bulletin 2025-06-01 CVE: CVE-2025-26437 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-370477460 Android Security Bulletin 2025-06-01 CVE: CVE-2025-26437 Severity: HIGH Type: ID Affected AOSP versions: 15 References: A-370477460

CVE-2025-26437: In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check…

Affected