CVE-2025-26435: Elevation of privilege in Google Android
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26435: Elevation of privilege in Google Android
Description
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- google_android
- Date Reserved
- 2025-02-10T18:29:32.999Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68b9d3be88499799243bc185
Added to database: 9/4/2025, 6:00:30 PM
Last updated: 9/4/2025, 6:00:30 PM
Views: 1
Related Threats
CVE-2025-36909: Information disclosure in Google Android
UnknownCVE-2025-36906: Elevation of privilege in Google Android
UnknownCVE-2025-26450: Elevation of privilege in Google Android
UnknownCVE-2025-26449: Denial of service in Google Android
UnknownCVE-2025-26448: Information disclosure in Google Android
UnknownActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.