Login Sign Up

CVE-2025-26449

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a resource exhaustion vulnerability in Android's framework that could allow local attackers to cause permanent denial of service without requiring elevated privileges. The vulnerability affects Android devices and can be exploited without user interaction, potentially rendering devices unusable.

💻 Affected Systems

Products:
  • Android
Versions: Specific affected versions not explicitly stated in references, but referenced in Android Security Bulletin June 2025
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in multiple locations within Android framework/base components. No special configuration needed for exploitation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Device becomes completely unusable requiring factory reset or hardware replacement, with potential data loss and service disruption.

🟠

Likely Case

Local attacker causes device instability, crashes, or temporary unresponsiveness affecting normal operation.

🟢

If Mitigated

Minimal impact with proper access controls and monitoring in place to detect resource exhaustion attempts.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local network access to the device.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised internal accounts could exploit this to disrupt device functionality.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no authentication or special privileges. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level June 2025 or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-06-01

Restart Required: No

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Apply the June 2025 security patch or later. 3. Verify patch installation by checking Security Patch Level in Settings > About phone.

🔧 Temporary Workarounds

Restrict local application installation

Android

Prevent installation of untrusted applications that could contain exploit code

adb shell settings put secure install_non_market_apps 0

🧯 If You Can't Patch

  • Implement strict access controls to limit local device access to trusted users only
  • Monitor device performance metrics for unusual resource consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check Android Security Patch Level in Settings > About phone. If before June 2025, device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Security Patch Level shows 'June 5, 2025' or later date in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Unusual resource consumption patterns in system logs
  • Frequent OutOfMemory errors or system crashes

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

source="android_system_logs" AND ("OutOfMemory" OR "resource exhaustion" OR "system crash")

📊 Metadata

CVE ID: CVE-2025-26449
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
EPSS Score: 0.01% exploit probability (0.7th percentile)
Published: September 4, 2025
Last Updated: September 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26449, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)