Google Android vulnerabilities
7,234 known vulnerabilities affecting google/android.
Total CVEs: 7,234
CISA KEV: 18 (actively exploited)
Public exploits: 52
Exploited in wild: 18
Severity breakdown: CRITICAL 544, HIGH 2984, MEDIUM 3458, LOW 248
Vulnerabilities
CVE-2025-48524 [MEDIUM] CVSS 5.5 | CWE-862 | v13.0, v14.0, +6 more | 2025-09-04
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-36900 [MEDIUM] CVSS 6.7 | CWE-190 | Android kernel | 2025-09-04
In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26453 [MEDIUM] CVSS 5.5 | CWE-200 | v13.0, v14.0, +4 more | 2025-09-04
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48561 [MEDIUM] CVSS 5.5 | CWE-203 | v13.0, v14.0, +6 more | 2025-09-04
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-22415 [MEDIUM] CVSS 4.0 | CWE-266 | v13.0, v14.0, +2 more | 2025-09-04
In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26437 [MEDIUM] CVSS 5.5 | CWE-862 | v15.0, v15 | 2025-09-04
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2024-56189 [MEDIUM] CVSS 6.5 | CWE-125 | Android kernel | 2025-09-04
In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48560 [MEDIUM] CVSS 5.5 | CWE-441 | v14.0, v14 | 2025-09-04
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26427 [MEDIUM] CVSS 4.4 | CWE-24 | v13.0, v14.0, +2 more | 2025-09-04
In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48554 [MEDIUM] CVSS 6.1 | CWE-693 | v13.0, v14.0, +6 more | 2025-09-04
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26445 [MEDIUM] CVSS 5.5 | CWE-862 | v13.0, v14.0, +4 more | 2025-09-04
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26456 [MEDIUM] CVSS 5.5 | CWE-703 | v14.0, v15.0, +2 more | 2025-09-04
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-36908 [MEDIUM] CVSS 6.7 | CWE-787 | Android kernel | 2025-09-04
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48562 [MEDIUM] CVSS 5.0 | CWE-209 | v13.0, v14.0, +6 more | 2025-09-04
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26429 [MEDIUM] CVSS 5.5 | CWE-20 | v13.0, v14.0, +4 more | 2025-09-04
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-0087 [MEDIUM] CVSS 5.1 | CWE-689 | v13.0, v14.0, +4 more | 2025-09-04
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26441 [MEDIUM] CVSS 6.5 | CWE-125 | v13.0, v14.0, +4 more | 2025-09-04
In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-22425 [MEDIUM] CVSS 5.1 | CWE-276 | v13.0, v14.0, +2 more | 2025-09-04
In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-26463 [MEDIUM] CVSS 5.5 | CWE-400 | v13.0, v14.0, +4 more | 2025-09-04
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2024-40664 [MEDIUM] CVSS 6.2 | CWE-400 | v13.0, v14.0, +2 more | 2025-09-04
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd