Google Android vulnerabilities

CVE-2025-48559 [MEDIUM] CWE-20 CVE-2025-48559: In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due t In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48551 [MEDIUM] CWE-441 CVE-2025-48551: In multiple locations, there is a possible leak of an image across the Android User isolation bounda In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-26449 [MEDIUM] CWE-400 CVE-2025-26449: In multiple locations, there is a possible permanent denial of service due to resource exhaustion. T In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0076 [LOW] CWE-862 CVE-2025-0076: In multiple locations, there is a possible way to view icons belonging to another user due to a miss In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26428 [LOW] CWE-290 CVE-2025-26428: In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a log In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-26419 [LOW] CWE-290 CVE-2025-26419: In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic err In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-26416 [CRITICAL] CWE-122 CVE-2025-26416: In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a he In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22435 [CRITICAL] CWE-843 CVE-2025-22435: In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This co In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22429 [CRITICAL] CWE-693 CVE-2025-22429: In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22416 [HIGH] CWE-441 CVE-2025-22416: In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a c In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40653 [HIGH] CWE-287 CVE-2024-40653: In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permissi In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-22422 [HIGH] CWE-639 CVE-2025-22422: In multiple locations, there is a possible way to mislead a user into approving an authentication pr In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22442 [HIGH] CWE-362 CVE-2025-22442: In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unautho In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22438 [HIGH] CWE-416 CVE-2025-22438: In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22439 [HIGH] CWE-862 CVE-2025-22439: In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restr In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-22419 [HIGH] CWE-1021 CVE-2025-22419: In multiple locations, there is a possible way to mislead the user into enabling malicious phone cal In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVE-2025-22437 [HIGH] CWE-693 CVE-2025-22437: In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22418 [HIGH] CWE-441 CVE-2025-22418: In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead t In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49730 [HIGH] CWE-787 CVE-2024-49730: In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22417 [HIGH] CWE-1021 CVE-2025-22417: In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictio In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.