ASB-A-368319929
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-368319929.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-368319929
- Aliases
-
- A-368319929
- CVE-2025-26443
- Published
- 2025-06-01T00:00:00Z
- Modified
- 2025-06-26T14:51:18.212593Z
- Summary
- [none]
- Details
-
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
]
},
"id": "ASB-A-368319929-20a435dc",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0eb898e8737fe208d48812cfa45bad243deea55e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 590.0,
"function_hash": "124269671373407116152009062505619559059"
},
"id": "ASB-A-368319929-8db1d532",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0eb898e8737fe208d48812cfa45bad243deea55e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java",
"function": "parseHtml"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0eb898e8737fe208d48812cfa45bad243deea55e"
],
"spl": "2025-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 590.0,
"function_hash": "124269671373407116152009062505619559059"
},
"id": "ASB-A-368319929-1d553ccd",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f6ffc1df5407791f3f23b535eb97663694bdf380",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java",
"function": "parseHtml"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
]
},
"id": "ASB-A-368319929-7d7d9a3e",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f6ffc1df5407791f3f23b535eb97663694bdf380",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f6ffc1df5407791f3f23b535eb97663694bdf380"
],
"spl": "2025-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 590.0,
"function_hash": "124269671373407116152009062505619559059"
},
"id": "ASB-A-368319929-20920a58",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/38ea726daf6a6d33889ac1225372c8a4786fbfb6",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java",
"function": "parseHtml"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
]
},
"id": "ASB-A-368319929-70a1152f",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/38ea726daf6a6d33889ac1225372c8a4786fbfb6",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/38ea726daf6a6d33889ac1225372c8a4786fbfb6"
],
"spl": "2025-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/ManagedProvisioning
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
]
},
"id": "ASB-A-368319929-1482346e",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fb3ac24b0cf78beb735c47316b73133a255c957d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 590.0,
"function_hash": "124269671373407116152009062505619559059"
},
"id": "ASB-A-368319929-b5de9806",
"source": "https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fb3ac24b0cf78beb735c47316b73133a255c957d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java",
"function": "parseHtml"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fb3ac24b0cf78beb735c47316b73133a255c957d"
],
"spl": "2025-06-01",
"severity": "High",
"types": [
"EoP"
]
}