CVE-2025-36904
📋 TL;DR
This vulnerability in the WLAN subsystem of Android on Google Pixel devices allows local attackers to gain elevated privileges on affected devices. Attackers could potentially execute arbitrary code with kernel-level permissions. Only Google Pixel devices running Android versions before the September 2025 security patch are affected.
💻 Affected Systems
- Google Pixel devices
📦 What is this software?
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to install persistent malware, access all user data, intercept communications, and maintain persistence even after device reboots.
Likely Case
Local privilege escalation allowing malicious apps to break out of sandbox restrictions and access sensitive system resources or user data they shouldn't have permission to access.
If Mitigated
Limited impact if devices are fully patched and have proper app sandboxing and security controls enabled.
🎯 Exploit Status
Requires local access to the device; likely requires a malicious app to be installed or physical access to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android security patch level 2025-09-05 or later
Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-09-01
Restart Required: Yes
Instructions:
1. Go to Settings > System > System update. 2. Check for updates. 3. Download and install the September 2025 security patch. 4. Restart device when prompted.
🔧 Temporary Workarounds
Disable WLAN
androidTemporarily disable wireless networking to prevent exploitation through the vulnerable WLAN subsystem
adb shell svc wifi disable
Restrict app installations
androidOnly install apps from trusted sources like Google Play Store and disable unknown sources
Settings > Security > Install unknown apps > Disable for all apps
🧯 If You Can't Patch
- Isolate vulnerable devices from sensitive networks and data
- Implement strict app installation policies and monitor for suspicious app behavior
🔍 How to Verify
Check if Vulnerable:
Check Settings > About phone > Android security patch level. If date is before 2025-09-05, device is vulnerable.Check Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify Android security patch level shows 2025-09-05 or later in Settings > About phone.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs related to WLAN driver
- Unexpected privilege escalation attempts in system logs
- SELinux denials related to WLAN permissions
Network Indicators:
- Unusual WLAN driver behavior or crashes
- Suspicious network activity from system-level processes
SIEM Query:
source="android_logs" AND ("WLAN" OR "wifi") AND ("panic" OR "crash" OR "privilege")