CVE-2025-36901
📋 TL;DR
This vulnerability in Android's WLAN subsystem on Google Pixel devices allows local attackers to gain elevated privileges. Attackers could execute arbitrary code with kernel-level permissions. Only Google Pixel devices running Android versions before the September 2025 security patch are affected.
💻 Affected Systems
- Google Pixel devices
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to install persistent malware, access all user data, and control device functions with kernel privileges.
Likely Case
Local privilege escalation allowing malware to gain higher permissions than intended, potentially leading to data theft or further system compromise.
If Mitigated
Limited impact with proper security controls; device remains functional but vulnerable to local attacks.
🎯 Exploit Status
Requires local access to device; likely exploited through malicious apps or physical access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android security patch level 2025-09-05 or later
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-09-01
Restart Required: Yes
Instructions:
1. Go to Settings > System > System update. 2. Check for updates. 3. Download and install the September 2025 security patch. 4. Restart device when prompted.
🔧 Temporary Workarounds
Disable WLAN when not needed
androidTurn off Wi-Fi to reduce attack surface when not actively using wireless networks
adb shell svc wifi disable
Settings > Network & internet > Wi-Fi > Toggle off
Restrict app permissions
androidReview and limit app permissions, especially for apps requesting unusual network or system access
Settings > Apps > [App Name] > Permissions > Review and restrict
🧯 If You Can't Patch
- Implement strict app vetting and only install apps from trusted sources like Google Play Store
- Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check Settings > About phone > Android security patch level. If date is before 2025-09-05, device is vulnerable.Check Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify Settings > About phone > Android security patch level shows 2025-09-05 or later.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- WLAN subsystem crash reports
- Unusual privilege escalation attempts in system logs
Network Indicators:
- Unusual WLAN driver behavior
- Suspicious local network activity from elevated processes
SIEM Query:
source="android_system" AND (event_type="kernel_panic" OR event_type="privilege_escalation") AND component="wlan"