Login Sign Up

CVE-2025-26445

5.5 MEDIUM

📋 TL;DR

This vulnerability allows local attackers to access sensitive network connectivity data without proper permissions. It affects Android devices running vulnerable versions of the ConnectivityService. No user interaction is required for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Specific Android versions mentioned in the June 2025 security bulletin
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Android devices with the vulnerable ConnectivityService implementation. Check the Android security bulletin for specific affected versions.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access could extract network configuration details, connection states, or other connectivity-related sensitive information that should be protected by permissions.

🟠

Likely Case

Malicious apps could gather network information about the device without user consent, potentially enabling further attacks or privacy violations.

🟢

If Mitigated

With proper app sandboxing and security updates, the risk is limited to apps that have already bypassed some security controls.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the device.
🏢 Internal Only: MEDIUM - Local attackers or malicious apps could exploit this without additional privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the device. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level June 2025 or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-06-01

Restart Required: No

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Apply the June 2025 security patch or later. 3. Verify the patch level in Settings > About phone > Android version.

🔧 Temporary Workarounds

Restrict app permissions

all

Review and restrict network-related permissions for untrusted applications

🧯 If You Can't Patch

  • Implement strict app vetting and only install applications from trusted sources
  • Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If patch level is before June 2025, the device may be vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify the security patch level shows June 2025 or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Unusual connectivity service access attempts, permission denial logs for network-related operations

Network Indicators:

  • No network indicators as this is a local vulnerability

SIEM Query:

Look for connectivity service access patterns from untrusted applications or permission violation logs

📊 Metadata

CVE ID: CVE-2025-26445
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-862
EPSS Score: 0.01% exploit probability (0.2th percentile)
Published: September 4, 2025
Last Updated: September 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26445, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)