Login Sign Up

CVE-2025-36911

7.1 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability in key-based pairing allows attackers within proximity to intercept and access users' conversations and location data without requiring authentication or user interaction. It affects Android devices using vulnerable pairing implementations, potentially exposing sensitive personal communications and tracking information.

💻 Affected Systems

Products:
  • Android devices with vulnerable key-based pairing implementation
Versions: Specific versions not specified in references, but appears to affect Android Pixel devices based on bulletin reference
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires proximity/adjacent access but no authentication or user interaction. References suggest Pixel devices are affected.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of all conversations and real-time location tracking of affected users, enabling surveillance, blackmail, or physical security threats.

🟠

Likely Case

Interception of nearby users' conversations and periodic location data exposure, potentially revealing sensitive personal or business information.

🟢

If Mitigated

Limited exposure if devices are updated or pairing is disabled, though proximity-based attacks remain possible against unpatched systems.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires proximity to target device but no technical barriers beyond being within range. No user interaction needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin 2026-01-01 or later

Vendor Advisory: https://source.android.com/docs/security/bulletin/pixel/2026/2026-01-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install available security updates. 3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable Bluetooth and Nearby Share

android

Turn off Bluetooth and Nearby Share features to prevent pairing attacks

adb shell settings put global bluetooth_on 0
adb shell pm disable-user --user 0 com.google.android.gms.nearby.sharing

Enable Airplane Mode

android

Disable all wireless communications when in sensitive environments

adb shell settings put global airplane_mode_on 1
adb shell am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true

🧯 If You Can't Patch

  • Physically isolate devices in Faraday cages or shielded rooms when handling sensitive conversations
  • Implement strict physical security controls to prevent unauthorized proximity access to devices

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If before January 2026, likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows '2026-01-01' or later in Settings > About phone > Android version.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected pairing requests
  • Multiple failed pairing attempts from unknown devices
  • Unusual Bluetooth/Nearby activity patterns

Network Indicators:

  • Bluetooth traffic spikes
  • Unusual device discovery patterns
  • Pairing requests from unexpected MAC addresses

SIEM Query:

source="android_logs" AND (event="bluetooth_pairing" OR event="nearby_connection") AND result="success" AND device_name="unknown"

📊 Metadata

CVE ID: CVE-2025-36911
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score: 0% exploit probability (0.1th percentile)
Published: January 15, 2026
Last Updated: January 28, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON