Google Android vulnerabilities

9,713 known vulnerabilities affecting google/android.

Total CVEs: 9,713
CISA KEV: 49 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5220, MEDIUM 3343, LOW 265, UNKNOWN 2

Vulnerabilities

Page 23 of 486
CVE-2025-36898 | HIGH | CVSS 7.8 | Versions: Android kernel | 2025-09-04
CWE-693: There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd
CVE-2025-26438 | HIGH | CVSS 8.8 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-287: In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-48538 | MEDIUM | CVSS 5.5 | Versions: v13.0, v14.0 +6 more | 2025-09-04
CWE-20: In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-32330 | MEDIUM | CVSS 5.7 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-1188: In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-26424 | MEDIUM | CVSS 4.0 | Versions: v15.0, v15 | 2025-09-04
CWE-284: In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-26420 | MEDIUM | CVSS 4.4 | Versions: v13.0, v14.0 +2 more | 2025-09-04
CWE-281: In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2024-49739 | MEDIUM | CVSS 4.0 | Versions: Android SoC | 2025-09-04
CWE-787: In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-48542 | MEDIUM | CVSS 5.5 | Versions: v13.0, v14.0 +6 more | 2025-09-04
CWE-400: In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-26448 | MEDIUM | CVSS 5.5 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-457: In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2024-49731 | MEDIUM | CVSS 4.0 | Versions: v13.0, v13 | 2025-09-04
CWE-266: In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: nvd
CVE-2025-48562 | MEDIUM | CVSS 5.0 | Versions: v13.0, v14.0 +6 more | 2025-09-04
CWE-209: In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: nvd, android
CVE-2025-0087 | MEDIUM | CVSS 5.1 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-689: In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-48551 | MEDIUM | CVSS 5.0 | Versions: v13.0, v14.0 +6 more | 2025-09-04
CWE-441: In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: nvd, android
CVE-2025-26421 | MEDIUM | CVSS 4.0 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-290: In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2023-35657 | MEDIUM | CVSS 4.0 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-125: In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-48550 | MEDIUM | CVSS 5.5 | Versions: v13.0, v14.0 +6 more | 2025-09-04
CWE-22: In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-26425 | MEDIUM | CVSS 4.0 | Versions: v14.0, v15.0 +2 more | 2025-09-04
CWE-266: In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional execution privileges needed. User interaction is not needed
Sources: nvd, android
CVE-2025-26453 | MEDIUM | CVSS 5.5 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-200: In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-48527 | MEDIUM | CVSS 6.2 | Versions: v13.0, v14.0 +6 more | 2025-09-04
CWE-200: In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android
CVE-2025-26423 | MEDIUM | CVSS 6.2 | Versions: v13.0, v14.0 +4 more | 2025-09-04
CWE-400: In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: nvd, android