CVE-2025-26463
published 2025-09-04CVE-2025-26463: In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 13:0 < 13:2025-06-01 | 13:2025-06-01 |
| platform | frameworks_base | >= 14:0 < 14:2025-06-01 | 14:2025-06-01 |
| platform | frameworks_base | >= 15:0 < 15:2025-06-01 | 15:2025-06-01 |
| platform | frameworks_base | >= 16-next:0 < 16-next:2025-06-01 | 16-next:2025-06-01 |
GHSA
GHSA-342p-69x7-757j: In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages
ghsa_unreviewed·2025-09-05
CVE-2025-26463 [MEDIUM] CWE-400 GHSA-342p-69x7-757j: In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2025-26463: In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages
osv·2025-06-01
CVE-2025-26463 CVE-2025-26463: In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2025-26463: Android Security Bulletin 2025-06-01
CVE: CVE-2025-26463
Severity: HIGH
Type: DoS
Affected AOSP versions: 13, 14, 15
References: A-303227969
vendor_android·2025-06-01·CVSS 5.5
CVE-2025-26463 [MEDIUM] CVE-2025-26463: Android Security Bulletin 2025-06-01
CVE: CVE-2025-26463
Severity: HIGH
Type: DoS
Affected AOSP versions: 13, 14, 15
References: A-303227969
Android Security Bulletin 2025-06-01
CVE: CVE-2025-26463
Severity: HIGH
Type: DoS
Affected AOSP versions: 13, 14, 15
References: A-303227969
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-04
Published