CVE-2025-36890

9.8 CRITICAL

📋 TL;DR

CVE-2025-36890 is an elevation of privilege vulnerability in Android that allows attackers to gain higher system privileges than intended. This affects Google Pixel devices running vulnerable Android versions, potentially enabling unauthorized access to sensitive system functions.

💻 Affected Systems

Products:
  • Google Pixel devices
Versions: Android versions prior to September 2025 security update
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Google Pixel devices as per the Android security bulletin. Other Android devices may be affected but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise, allowing an attacker to execute arbitrary code with system privileges, access all user data, and persist malware.

🟠 Likely Case

A local attacker gains elevated privileges to access protected system resources or user data they shouldn't have access to.

🟢 If Mitigated

Limited impact with proper security controls, potentially only affecting isolated app sandboxes.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation requiring initial access to the device.
🏢 Internal Only: HIGH - Once an attacker has any foothold on the device, they can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to the device. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: September 2025 Android security update

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-09-01

Restart Required: Yes

Instructions:

1. Go to Settings > System > System update.
2. Check for updates.
3. Download and install September 2025 security update.
4. Restart device when prompted.

🔧 Temporary Workarounds

Restrict app installations

Only install apps from trusted sources like Google Play Store to reduce attack surface

Disable developer options

Turn off USB debugging and developer options when not needed

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict app whitelisting and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. If the device is on a level before the September 2025 security patch, it is vulnerable.

Check Version:

Settings > About phone > Android version and Android security patch level

Verify Fix Applied:

Verify Android security patch level shows 'September 5, 2025' or later in Settings > About phone > Android security patch level.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts in system logs
  • Suspicious process creation with elevated privileges

Network Indicators:

  • Unusual network connections from system processes
  • Data exfiltration patterns

SIEM Query:

Process creation events where parent process has low privileges but child process has SYSTEM or ROOT privileges
