CVE-2025-26461Improper Check or Handling of Exceptional Conditions in Google Android

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-770Allocation of Resources Without Limits or Throttling5 documents5 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 99.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedSep 5

Description

In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5google/android16
NVDgoogle/android16.0

🔴Vulnerability Details

3
GHSA
GHSA-p47f-2f9w-4rqq: In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app2025-09-05
CVEList
CVE-2025-26461: In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app2025-09-05
OSV
krb5 vulnerabilities2025-03-03

📋Vendor Advisories

1
Microsoft
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.2024-02-13
CVE-2025-26461 — Google Android vulnerability | cvebase