Google Android vulnerabilities

7,234 known vulnerabilities affecting google/android.

Total CVEs: 7,234
CISA KEV: 18 (actively exploited)
Public exploits: 48
Exploited in wild: 18
Severity breakdown: CRITICAL 544, HIGH 2984, MEDIUM 3458, LOW 248

Vulnerabilities

CVE-2025-61608 | HIGH | CVSS 7.5 | v13.0, v14.0, +2 more | 2025-12-01
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source: nvd

CVE-2025-61618 | HIGH | CVSS 7.5 | v13.0, v14.0, +2 more | 2025-12-01
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source: nvd

CVE-2025-61619 | HIGH | CVSS 7.5 | v13.0, v14.0, +2 more | 2025-12-01
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source: nvd

CVE-2025-11133 | HIGH | CVSS 7.5 | v13.0, v14.0, +2 more | 2025-12-01
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Source: nvd

CVE-2025-48593 | HIGH | CVSS 8.0 | CWE-416 | v13.0, v14.0, +6 more | 2025-11-18
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-20746 | MEDIUM | CVSS 6.7 | CWE-121 | v14.0, v15.0 | 2025-11-04
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.
Source: nvd

CVE-2025-20749 | MEDIUM | CVSS 6.7 | CWE-121 | v14.0, v15.0, +1 more | 2025-11-04
In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800.
Source: nvd

CVE-2025-20744 | MEDIUM | CVSS 4.2 | CWE-416 | v13.0, v14.0, +2 more | 2025-11-04
In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542.
Source: nvd

CVE-2025-20743 | MEDIUM | CVSS 4.2 | CWE-416 | v14.0, v15.0, +1 more | 2025-11-04
In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10136671; Issue ID: MSV-4651.
Source: nvd

CVE-2025-20745 | MEDIUM | CVSS 4.2 | CWE-416 | v13.0, v14.0, +1 more | 2025-11-04
In apusys, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10095441; Issue ID: MSV-4294.
Source: nvd

CVE-2025-20730 | MEDIUM | CVSS 6.7 | CWE-287 | v13.0, v14.0, +2 more | 2025-11-04
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141.
Source: nvd

CVE-2025-20747 | MEDIUM | CVSS 6.7 | CWE-121 | v14.0, v15.0 | 2025-11-04
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966.
Source: nvd

CVE-2025-20721 | HIGH | CVSS 7.8 | CWE-787 | v13.0, v14.0, +2 more | 2025-10-14
In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.
Source: nvd

CVE-2025-20723 | HIGH | CVSS 7.8 | CWE-787 | v14.0, v15.0 | 2025-10-14
In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797.
Source: nvd

CVE-2025-20722 | MEDIUM | CVSS 5.5 | CWE-190 | v14.0, v15.0 | 2025-10-14
In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.
Source: nvd

CVE-2025-32318 | HIGH | CVSS 8.8 | CWE-122 | v16.0, v16 | 2025-09-05
In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-32320 | HIGH | CVSS 7.8 | CWE-441 | v16.0, v16 | 2025-09-05
In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-32316 | MEDIUM | CVSS 5.5 | CWE-787 | v16.0, v16 | 2025-09-05
In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2024-0028 | MEDIUM | CVSS 5.5 | CWE-862 | v16.0, v16 | 2025-09-05
In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd

CVE-2025-32317 | MEDIUM | CVSS 5.5 | CWE-441 | v16.0, v16 | 2025-09-05
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd