CVE-2025-26458

7.8 HIGH

📋 TL;DR

This vulnerability allows malicious apps to launch background activities without user interaction due to a logic error in Android's LocationProviderManager. It enables local privilege escalation, potentially allowing apps to perform unauthorized actions. All Android devices running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to June 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices with vulnerable versions are affected regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise where malicious apps gain system-level privileges, access sensitive data, install persistent malware, or disable security controls.

🟠 Likely Case

Malicious apps bypass permission checks to access location data, camera, microphone, or other protected resources without user consent.

🟢 If Mitigated

Limited impact with proper app vetting, minimal permissions granted, and security monitoring in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious app to be installed on the device. No user interaction is needed once the app is installed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2025 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-06-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install the June 2025 security patch or later.
3. Restart the device after installation.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources like Google Play Store and avoid sideloading unknown apps.

Review app permissions

all

Regularly audit and remove unnecessary app permissions, especially for location access.

🧯 If You Can't Patch

  • Implement mobile device management (MDM) with strict app whitelisting
  • Deploy endpoint detection and response (EDR) solutions for Android devices

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version > Security patch level. If it is earlier than June 2025, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

After the update, confirm that the security patch level shows June 2025 or later.
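The check above can be scripted for fleet verification. The following is an added example, not part of this advisory or of Android's own tooling: it takes the patch level string reported by ro.build.version.security_patch (format YYYY-MM-DD), compares it with the date of the fixing bulletin taken from the vendor advisory URL on this page, and reports whether the device still predates the fix. The script name check_patch.sh and the threshold constant are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether a device's reported
# security patch level predates the June 2025 Android bulletin that fixes
# CVE-2025-26458. The patch level string has the form YYYY-MM-DD, as returned
# by `adb shell getprop ro.build.version.security_patch`.

# Date of the fixing bulletin, taken from the vendor advisory URL on this page
# (assumed as the threshold for "patched").
FIX_PATCH_LEVEL="2025-06-01"

# to_number YYYY-MM-DD -> YYYYMMDD, so the date can be compared as an integer
# with POSIX test(1), which has no string-ordering operator.
to_number() {
    printf '%s' "$1" | tr -d '-'
}

# patch_status LEVEL
# Prints one of: patched, vulnerable, unknown (malformed input).
patch_status() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    if [ "$(to_number "$level")" -lt "$(to_number "$FIX_PATCH_LEVEL")" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# When run with one or more patch levels as arguments, report each one.
# Typical use against a connected device (tr strips the CR that some adb
# versions append to shell output):
#   sh check_patch.sh "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
for lvl in "$@"; do
    printf '%s: %s\n' "$lvl" "$(patch_status "$lvl")"
done
```

A patch level that does not parse as a date is reported as "unknown" rather than "patched", so a device whose property is empty or garbled (for example a custom build) is never silently counted as fixed.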

📡 Detection & Monitoring

Log Indicators:

  • Unusual background activity launches from apps
  • Permission escalation attempts in system logs

Network Indicators:

  • Unexpected network connections from apps with minimal permissions

SIEM Query:

source="android_system_logs" AND (event="background_activity_launch" OR event="permission_violation")
