Google Android vulnerabilities
9,713 known vulnerabilities affecting google/android.
Total CVEs: 9,713
CISA KEV: 49 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5220, MEDIUM 3343, LOW 265, UNKNOWN 2
Vulnerabilities
Page 24 of 486
CVE-2025-48528 | MEDIUM | CVSS 4.0 | CWE-266 | v15.0, v16.0, +2 more | 2025-09-04
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26427 | MEDIUM | CVSS 4.4 | CWE-24 | v13.0, v14.0, +2 more | 2025-09-04
In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2025-26426 | MEDIUM | CVSS 5.1 | CWE-20 | v13.0, v14.0, +4 more | 2025-09-04
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48524 | MEDIUM | CVSS 5.5 | CWE-862 | v13.0, v14.0, +6 more | 2025-09-04
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-0077 | MEDIUM | CVSS 4.0 | CWE-1223 | v15.0, v15 | 2025-09-04
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26422 | MEDIUM | CVSS 4.0 | CWE-279 | v15.0, v15 | 2025-09-04
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26432 | MEDIUM | CVSS 5.5 | CWE-130 | v15.0, v15 | 2025-09-04
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-36893 | MEDIUM | CVSS 5.5 | CWE-908 | Android kernel | 2025-09-04
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36900 | MEDIUM | CVSS 6.7 | CWE-190 | Android kernel | 2025-09-04
In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-26445 | MEDIUM | CVSS 5.5 | CWE-862 | v13.0, v14.0, +4 more | 2025-09-04
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48559 | MEDIUM | CVSS 5.5 | CWE-20 | v13.0, v14.0, +6 more | 2025-09-04
In multiple functions of AppOpsService.java, there is a possible way to add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-26442 | MEDIUM | CVSS 5.5 | CWE-863 | v13.0, v14.0, +4 more | 2025-09-04
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48554 | MEDIUM | CVSS 6.1 | CWE-693 | v13.0, v14.0, +6 more | 2025-09-04
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2025-26456 | MEDIUM | CVSS 5.5 | CWE-703 | v14.0, v15.0, +2 more | 2025-09-04
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-22425 | MEDIUM | CVSS 5.1 | CWE-276 | v13.0, v14.0, +2 more | 2025-09-04
In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd, android
CVE-2025-26429 | MEDIUM | CVSS 5.5 | CWE-20 | v13.0, v14.0, +4 more | 2025-09-04
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2025-48561 | MEDIUM | CVSS 5.5 | CWE-203 | v13.0, v14.0, +6 more | 2025-09-04
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-48526 | MEDIUM | CVSS 4.0 | CWE-266 | v13.0, v14.0, +6 more | 2025-09-04
In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android
CVE-2024-56189 | MEDIUM | CVSS 6.5 | CWE-125 | Android kernel | 2025-09-04
In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-48529 | MEDIUM | CVSS 5.5 | CWE-441 | v13.0, v14.0, +6 more | 2025-09-04
In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd, android