CVE-2025-26463

5.5 MEDIUM

📋 TL;DR

This Android vulnerability allows resource exhaustion through repeated package access requests, potentially causing persistent denial of service on affected devices. It affects Android systems with the vulnerable framework code and requires no user interaction or special privileges for exploitation.

💻 Affected Systems

Products:
  • Android
Versions: Specific Android versions mentioned in the June 2025 security bulletin
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Android framework's allowPackageAccess functionality across multiple files

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Persistent denial of service rendering the device unusable until factory reset or manual intervention

🟠 Likely Case: Degraded device performance, app crashes, or temporary unresponsiveness requiring reboot

🟢 If Mitigated: Minimal impact with proper resource monitoring and process isolation

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the device
🏢 Internal Only: MEDIUM - Malicious apps or users with physical access could exploit this

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the ability to repeatedly call the allowPackageAccess functions; no authentication is needed, but app installation or system access is required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level June 2025 or later

Vendor Advisory: https://source.android.com/security/bulletin/2025-06-01

Restart Required: No

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Apply the June 2025 security patch or later.
3. Verify patch installation in Settings > About phone > Android security patch level.

🔧 Temporary Workarounds

Restrict app installation (Android)

Prevent installation of untrusted apps that could exploit this vulnerability:

adb shell settings put secure install_non_market_apps 0

🧯 If You Can't Patch

  • Implement strict app vetting and only allow trusted applications
  • Monitor system resources and restart services showing abnormal resource consumption

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android security patch level. If it is earlier than June 2025, the device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the Android security patch level shows a June 2025 or later date.

📡 Detection & Monitoring

Log Indicators:

  • Repeated PackageManager operations
  • Resource exhaustion warnings in system logs
  • Abnormal memory or CPU usage by system services

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="android_system" AND ("PackageManager" OR "allowPackageAccess") AND frequency > 1000 per minute
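The rate rule in the SIEM query above, expressed as detection logic in Python over sample log lines. This is an added example, not part of the original advisory; the logcat "threadtime" line layout, the tag/message keywords and the constructed sample events are assumptions.

```python
"""Flag minute buckets in which PackageManager / allowPackageAccess log lines
exceed a rate threshold (the SIEM rule above, run over raw logcat lines)."""
import re
from collections import Counter

# Assumed logcat "threadtime" layout: "MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message"
LOGCAT_RE = re.compile(
    r"^(?P<date>\d{2}-\d{2}) (?P<time>\d{2}:\d{2}):\d{2}\.\d{3}\s+\d+\s+\d+\s+"
    r"[VDIWEF]\s+(?P<tag>[^:]+):\s*(?P<msg>.*)$"
)
KEYWORDS = ("PackageManager", "allowPackageAccess")


def count_per_minute(lines):
    """Return a Counter mapping 'MM-DD HH:MM' -> number of matching lines.
    Lines that do not parse or do not mention a keyword are ignored."""
    counts = Counter()
    for line in lines:
        m = LOGCAT_RE.match(line)
        if not m:
            continue
        if not any(k in m.group("tag") or k in m.group("msg") for k in KEYWORDS):
            continue
        counts[f"{m.group('date')} {m.group('time')}"] += 1
    return counts


def flag_bursts(lines, threshold=1000):
    """Return sorted (minute, count) pairs whose count exceeds the threshold."""
    return sorted((b, c) for b, c in count_per_minute(lines).items() if c > threshold)


# Constructed sample: 1200 allowPackageAccess events in one minute, then a quiet minute.
SAMPLE_LINES = [
    f"06-15 10:00:{i % 60:02d}.{i % 1000:03d} 1000 1000 I PackageManager: "
    f"allowPackageAccess pkg=com.example.app"
    for i in range(1200)
] + [
    "06-15 10:01:03.000 1000 1000 I PackageManager: allowPackageAccess pkg=com.example.app",
    "06-15 10:01:05.000 2000 2000 I ActivityManager: Start proc com.example.other",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for minute, n in flag_bursts(SAMPLE_LINES):
        print(f"burst: {n} package-access events in minute {minute}")
```

Feed it `adb logcat -v threadtime -d` output line by line to apply the same rule to a live device.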
