Login Sign Up

CVE-2025-26448

5.5 MEDIUM

📋 TL;DR

This vulnerability in Android's CursorWindow component allows unauthenticated local attackers to read uninitialized memory, potentially exposing sensitive information from other apps or system components. It affects Android devices running vulnerable versions, requiring no user interaction for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to the June 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices with vulnerable versions are affected by default. The vulnerability is in the Android framework itself.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive data from other applications or system components could be disclosed, potentially including authentication tokens, personal information, or cryptographic keys.

🟠

Likely Case

Limited information disclosure of adjacent memory contents, possibly revealing fragments of data from other processes or system components.

🟢

If Mitigated

With proper sandboxing and memory protection, impact would be limited to reading random or non-sensitive data from the affected process's memory space.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the device. No authentication is needed, but the attacker must be able to execute code on the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level June 2025 or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-06-01

Restart Required: No

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install the June 2025 Android security patch or later. 3. No restart is required after patch installation.

🔧 Temporary Workarounds

No effective workarounds

all

This is a core framework vulnerability requiring patching at the OS level.

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strong device management policies
  • Monitor for suspicious local process activity and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Android version > Android security patch level. If before June 2025, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows June 2025 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory access patterns in system logs
  • Multiple failed attempts to access CursorWindow functions

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Search for process anomalies related to database cursor operations or unusual memory read patterns

📊 Metadata

CVE ID: CVE-2025-26448
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-457
EPSS Score: 0.01% exploit probability (0.3th percentile)
Published: September 4, 2025
Last Updated: September 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26448, you might also want to check these:

CVE-2025-54874 9.8

This vulnerability in OpenJPEG allows an attacker to write data beyond allocated heap memory boundar...

Same vulnerability type (CWE-457)
CVE-2022-40510 9.8

CVE-2022-40510 is a critical memory corruption vulnerability in Qualcomm audio components that allow...

Same vulnerability type (CWE-457)
CVE-2022-21217 9.8

CVE-2022-21217 is a critical out-of-bounds write vulnerability in Reolink RLC-410W IP cameras that a...

Same vulnerability type (CWE-457)