CVE-2025-36912 – This vulnerability in cellular modem firmware a... (How to Fix)

Q: What is the severity of CVE-2025-36912?

CVE-2025-36912 has a CVSS score of 6.5 (MEDIUM). This vulnerability in cellular modem firmware allows remote attackers to cause denial of service without user interaction or special privileges. It affects Android devices with vulnerable modem chipsets, potentially impacting cellular connectivity for affected users.

📋 TL;DR

This vulnerability in cellular modem firmware allows remote attackers to cause denial of service without user interaction or special privileges. It affects Android devices with vulnerable modem chipsets, potentially impacting cellular connectivity for affected users.

💻 Affected Systems

Products:

Google Pixel devices with vulnerable modem firmware

Versions: Android versions prior to December 2025 security update

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Requires cellular modem chipset with vulnerable firmware; Wi-Fi only devices not affected

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of cellular connectivity requiring device reboot or service intervention

🟠

Likely Case

Temporary cellular service disruption until modem resets

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

No authentication required; exploit likely involves specially crafted cellular network packets

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2025 Android security update

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-12-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update. 2. Install December 2025 security update. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable cellular data

android

Switch to Wi-Fi only mode to prevent cellular modem exploitation

Settings > Network & internet > Mobile network > Mobile data (toggle off)

Airplane mode toggle

android

Temporarily disable all wireless radios including cellular

Settings > Network & internet > Airplane mode (toggle on)

🧯 If You Can't Patch

Segment cellular network traffic and monitor for anomalous modem behavior
Implement network-level filtering for suspicious cellular protocol traffic

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Build number

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'December 1, 2025' or later

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected cellular service disconnections
Baseband processor errors

Network Indicators:

Abnormal cellular protocol packets
Suspicious modem reset patterns

SIEM Query:

source="android_logs" AND ("modem_crash" OR "baseband_failure" OR "cellular_service_lost")

📊 Metadata

CVE ID: CVE-2025-36912

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score: 0.14% exploit probability (33.5th percentile)

Published: December 11, 2025

Last Updated: December 12, 2025

🔗 References

https://source.android.com/security/bulletin/pixel/2025-12-01 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON