Google Android vulnerabilities

CVE-2025-26434 [MEDIUM] CWE-120 CVE-2025-26434: In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to loca In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26461 [LOW] CWE-703 CVE-2025-26461: In Permission Manager, there is a possible way for the microphone privacy indicator to remain activa In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36904 [CRITICAL] CWE-269 CVE-2025-36904: WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-39645 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.

CVE-2025-36897 [CRITICAL] CWE-787 CVE-2025-36897: In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bou In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36896 [CRITICAL] CWE-269 CVE-2025-36896: WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-39476 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.

CVE-2025-32332 [HIGH] CWE-416 CVE-2025-32332: In multiple locations, there is a possible memory corruption due to a use after free. This could lea In multiple locations, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48545 [HIGH] CWE-441 CVE-2025-48545: In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privilege In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22441 [HIGH] CWE-441 CVE-2025-22441: In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-26436 [HIGH] CWE-863 CVE-2025-26436: In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an applicatio In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36901 [HIGH] CWE-269 CVE-2025-36901: WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-39646 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.

CVE-2025-26439 [HIGH] CWE-693 CVE-2025-26439: In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious T In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26443 [HIGH] CWE-693 CVE-2025-26443: In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing i In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-48539 [HIGH] CWE-416 CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after fre In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48535 [HIGH] CWE-502 CVE-2025-48535: In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to expl In assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48540 [HIGH] CWE-787 CVE-2025-48540: In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a l In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26452 [HIGH] CWE-441 CVE-2025-26452: In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48530 [HIGH] CWE-125 CVE-2025-48530: In multiple locations, there is a possible condition that results in OOB accesses due to an incorrec In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32345 [HIGH] CWE-269 CVE-2025-32345: In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a se In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32312 [HIGH] CWE-502 CVE-2025-32312: In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48543 [HIGH] CWE-416 CVE-2025-48543: In multiple locations, there is a possible way to escape chrome sandbox to attack android system_ser In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.