CVE-2025-36923

8.0 HIGH

📋 TL;DR

This CVE describes a heap buffer overflow vulnerability in the NrmmDecoder component of Android's media framework. An attacker could exploit this to execute arbitrary code with elevated privileges on affected devices, potentially gaining full control. The vulnerability affects Android devices, particularly Google Pixel phones, and requires no user interaction for exploitation.

💻 Affected Systems

Products:
  • Google Pixel phones
  • Android devices using affected media framework
Versions: Android versions prior to December 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the media framework and could affect any app that processes media files. Pixel devices are specifically mentioned in the advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote attacker gains full control of the device, installs persistent malware, accesses sensitive data, and uses the device as a pivot point in the network.

🟠 Likely Case: Attacker gains elevated privileges to install malicious apps, access device data, or use the device for further attacks within the local network.

🟢 If Mitigated: With proper network segmentation and device hardening, impact is limited to the compromised device only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

No user interaction required, but exploitation requires sending specially crafted media files to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2025 Android security patch or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-12-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install the December 2025 security patch.
3. Reboot the device after installation.

🔧 Temporary Workarounds

  • Disable automatic media processing (platform: android): Prevent automatic processing of media files from untrusted sources
  • Network segmentation (platform: all): Isolate Android devices on separate network segments to limit lateral movement

🧯 If You Can't Patch

  • Segment Android devices on isolated network VLANs
  • Implement strict firewall rules to limit device communication to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version. If the patch level is earlier than December 2025, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows December 2025 or later in Settings > About phone > Android version.
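
The check above can be automated for every device that `adb devices` lists. The script below is an added example, not part of the advisory or of this page's source; the function names and the `--scan` switch are assumptions, and the threshold is the December 2025 patch level stated above, compared by year and month.

```shell
#!/bin/sh
# Added example: audit attached devices against the December 2025 patch level.
FIXED_YM=202512  # year+month of the fixing patch level stated on this page

# classify_patch_level LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN
classify_patch_level() {
    level=$(printf '%s' "$1" | tr -d ' \r\n')  # adb output may end in CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;           # empty, offline, error text
    esac
    ym=$(printf '%s' "$level" | cut -c1-4,6-7) # 2025-12-05 -> 202512
    if [ "$ym" -ge "$FIXED_YM" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# audit_levels: reads "SERIAL PATCH_LEVEL" lines on stdin, prints
# "SERIAL LEVEL STATUS" per device, returns 1 if any is not PATCHED.
audit_levels() {
    bad=0
    while read -r serial lvl; do
        [ -n "$serial" ] || continue
        lvl=$(printf '%s' "$lvl" | tr -d '\r')
        status=$(classify_patch_level "$lvl")
        printf '%s %s %s\n' "$serial" "${lvl:-none}" "$status"
        [ "$status" = PATCHED ] || bad=1
    done
    return "$bad"
}

# collect_levels: one "SERIAL PATCH_LEVEL" line per device in `adb devices`.
collect_levels() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list
        lvl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        printf '%s %s\n' "$serial" "$lvl"
    done
}

# Hypothetical switch: run the live scan only when asked, e.g. ./audit.sh --scan
if [ "${1:-}" = "--scan" ]; then
    collect_levels | audit_levels
fi
```

A device that reports no parsable patch level is listed as UNKNOWN and counts as a failure, so an offline or unauthorized device cannot pass the audit silently.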

📡 Detection & Monitoring

Log Indicators:

  • Crash logs from media server processes
  • Unexpected privilege escalation attempts
  • Suspicious media file processing

Network Indicators:

  • Unusual network traffic from Android devices
  • Media files being sent to devices from untrusted sources

SIEM Query:

source="android_logs" AND (process="mediaserver" OR process="media.codec") AND (event="crash" OR event="segfault")
