CVE-2025-26453
published 2025-09-04CVE-2025-26453: In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | packages_modules_bluetooth | >= 13:0 < 13:2025-06-01 | 13:2025-06-01 |
| platform | packages_modules_bluetooth | >= 14:0 < 14:2025-06-01 | 14:2025-06-01 |
| platform | packages_modules_bluetooth | >= 15:0 < 15:2025-06-01 | 15:2025-06-01 |
| platform | packages_modules_bluetooth | >= 16-next:0 < 16-next:2025-06-01 | 16-next:2025-06-01 |
Android
CVE-2025-26453: Android Security Bulletin 2025-06-01
CVE: CVE-2025-26453
Severity: HIGH
Type: ID
Affected AOSP versions: 13, 14, 15
References: A-395643490
vendor_android·2025-06-01·CVSS 5.5
CVE-2025-26453 [MEDIUM] CVE-2025-26453: Android Security Bulletin 2025-06-01
CVE: CVE-2025-26453
Severity: HIGH
Type: ID
Affected AOSP versions: 13, 14, 15
References: A-395643490
Android Security Bulletin 2025-06-01
CVE: CVE-2025-26453
Severity: HIGH
Type: ID
Affected AOSP versions: 13, 14, 15
References: A-395643490
GHSA
GHSA-cjcx-g9pm-w9qg: In isContentUriForOtherUser of BluetoothOppSendFileInfo
ghsa_unreviewed·2025-09-05
CVE-2025-26453 [MEDIUM] CWE-200 GHSA-cjcx-g9pm-w9qg: In isContentUriForOtherUser of BluetoothOppSendFileInfo
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2025-26453: In isContentUriForOtherUser of BluetoothOppSendFileInfo
osv·2025-06-01
CVE-2025-26453 CVE-2025-26453: In isContentUriForOtherUser of BluetoothOppSendFileInfo
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-04
Published