ByteOS Network

NVD Vulnerability Details :

CVE-2025-26425

Analyzed

Source-security@android.com

Published At-04 Sep, 2025 | 18:15

Updated At-05 Sep, 2025 | 19:11

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional execution privileges needed. User interaction is not needed for exploitation.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

Google LLC

>>android>>14.0

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

Google LLC

>>android>>15.0

cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-266	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-266

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://android.googlesource.com/platform/packages/modules/Permission/+/850ce9ea3ac72540ce310722633d9c893a32dfdd	security@android.com	Patch
https://source.android.com/security/bulletin/2025-05-01	security@android.com	Vendor Advisory

Hyperlink: https://android.googlesource.com/platform/packages/modules/Permission/+/850ce9ea3ac72540ce310722633d9c893a32dfdd

Source: security@android.com

Resource:

Patch

Hyperlink: https://source.android.com/security/bulletin/2025-05-01

Source: security@android.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History