CVE-2025-26425

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-26425

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26425.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-26425

Aliases

A-379362792
ASB-A-379362792

Published

2025-09-04T18:15:40.663Z

Modified

2026-04-10T05:23:31.392680Z

Severity

4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGEDEFAULTAPPLICATIONS was not defined with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26425.json"