CVE-2025-26430 – This vulnerability in Android's Settings app al... (How to Fix)

📋 TL;DR

This vulnerability in Android's Settings app allows malicious apps to access files from other user profiles without permission. It enables local privilege escalation without requiring user interaction. All Android devices running vulnerable versions are affected.

💻 Affected Systems

Products:

Android Settings app

Versions: Android versions prior to May 2025 security patch

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Affects multi-user Android devices; requires malicious app installation

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of device with access to sensitive user data across profiles, potentially leading to credential theft, data exfiltration, or further system compromise.

🟠

Likely Case

Malicious app gains unauthorized access to files from other user profiles, potentially exposing personal data, photos, documents, or authentication tokens.

🟢

If Mitigated

Limited impact with proper app sandboxing and minimal sensitive data in shared locations.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires malicious app installation but no user interaction after installation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2025 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-05-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update
2. Install May 2025 Android security patch or later
3. Reboot device after installation

🔧 Temporary Workarounds

Disable multi-user profiles

android

Remove additional user profiles to eliminate cross-user file access vectors

adb shell pm remove-user USER_ID

Restrict app installations

android

Only install apps from trusted sources like Google Play Store

🧯 If You Can't Patch

Isolate sensitive data from shared storage locations
Implement strict app vetting and installation policies

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows May 2025 or later date

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns across user profiles
Suspicious app behavior in Settings app context

Network Indicators:

Unexpected data exfiltration from device

SIEM Query:

source="android_logs" AND (event="file_access" AND target_user!=current_user)

📊 Metadata

CVE ID: CVE-2025-26430

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-285

EPSS Score: 0.01% exploit probability (0.7th percentile)

Published: September 4, 2025

Last Updated: September 29, 2025

🔗 References

https://android.googlesource.com/platform/packages/apps/Settings/+/484b4be8f3634fa0d0fed53729490b9135c644b5 Patch,Product
https://source.android.com/security/bulletin/2025-05-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26430, you might also want to check these: