Login Sign Up

CVE-2025-26429

5.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in Android's AppOpsService allows local attackers to cause permanent denial of service through improper input validation in the collectOps function. It affects Android devices running vulnerable versions and requires no user interaction or special privileges for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to May 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices running affected versions are vulnerable by default; no special configuration required.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent device bricking requiring factory reset or hardware replacement, with complete loss of functionality and data.

🟠

Likely Case

Device becomes unresponsive or crashes repeatedly, requiring reboot or factory reset to restore functionality.

🟢

If Mitigated

Minimal impact with proper patching; devices remain functional with normal security controls.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or users with device access could exploit this to disrupt device functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and understanding of Android system internals, but no special privileges are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2025 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-05-01

Restart Required: No

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install the May 2025 security patch or later. 3. Verify the patch is applied by checking the security patch level.

🔧 Temporary Workarounds

Restrict app permissions

all

Limit app permissions to reduce attack surface for malicious apps

Disable unnecessary system services

all

Reduce exposure by disabling unused system components

🧯 If You Can't Patch

  • Implement strict app vetting and only install from trusted sources like Google Play Store
  • Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android security patch level. If date is before May 2025, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows May 2025 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Repeated AppOpsService crashes in logcat
  • System stability issues in device logs
  • Unexpected process terminations related to system services

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for logcat entries containing 'AppOpsService' crashes or 'collectOps' failures on Android devices

📊 Metadata

CVE ID: CVE-2025-26429
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20
EPSS Score: 0.01% exploit probability (0.9th percentile)
Published: September 4, 2025
Last Updated: September 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26429, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2020-12388 10.0

This vulnerability allows attackers to escape Firefox's content process sandbox on Windows systems, ...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)