
CVE-2025-27701: Information disclosure in Google Android

Medium
Tags: Vulnerability, CVE-2025-27701, cve, cve-2025-27701
Published: Tue May 27 2025 (05/27/2025, 15:42:11 UTC)
Source: CVE Database V5
Vendor/Project: Google
Product: Android

Description

In the function process_crypto_cmd, the values of ptrs[i] can potentially be equal to NULL, which is a valid value after calling slice_map_array(). Later these values will be dereferenced without a prior NULL check, which can lead to local temporary DoS or OOB read, leading to information disclosure.

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 02:25:42 UTC

Technical Analysis

CVE-2025-27701 is a medium-severity vulnerability affecting the Android kernel, specifically within the function process_crypto_cmd. The vulnerability arises because the function handles an array of pointers (ptrs[i]) that can legitimately be NULL after a call to slice_map_array(). However, these pointers are dereferenced later in the code without a prior NULL check. This unsafe dereference can lead to an out-of-bounds (OOB) read or a local temporary denial of service (DoS). The OOB read can cause information disclosure by exposing kernel memory contents to a local attacker. The vulnerability is classified under CWE-476 (NULL Pointer Dereference), indicating a failure to validate pointer values before use. The CVSS v3.1 base score is 5.5, reflecting a medium severity level. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L), but no user interaction (UI:N). The impact is high on confidentiality (C:H) but does not affect integrity or availability. No known exploits are currently in the wild, and no patches have been linked yet. This vulnerability is relevant to Android devices running affected kernel versions, which are widespread globally. The flaw could be exploited by a local attacker or malicious app with limited privileges to gain unauthorized access to sensitive kernel memory, potentially leaking sensitive information or causing temporary service disruption.
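
A constructed C model of the pattern described above, added here as an illustration; it is not the Android source. The names `map_slices`, `handle_cmd_unchecked` and `handle_cmd_checked`, and the rule that an empty slice maps to NULL, are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <errno.h>

#define MAX_SLICES 4

/* Hypothetical descriptor: one argument's offset/length in a shared buffer. */
struct slice { size_t off; size_t len; };

/* Stand-in for a mapping helper. Assumption of this model: an empty slice
 * maps to NULL and that is NOT an error, so a zero return code says
 * nothing about whether ptrs[i] is usable. */
static int map_slices(uint8_t *base, size_t base_len,
                      const struct slice *s, size_t n, uint8_t **ptrs)
{
    for (size_t i = 0; i < n; i++) {
        if (s[i].off > base_len || s[i].len > base_len - s[i].off)
            return -EINVAL;               /* slice lies outside the buffer */
        ptrs[i] = s[i].len ? base + s[i].off : NULL;
    }
    return 0;
}

/* Vulnerable shape: trusts every ptrs[i] once the mapping call succeeded. */
int handle_cmd_unchecked(uint8_t *base, size_t base_len,
                         const struct slice *s, size_t n, uint8_t *out)
{
    uint8_t *ptrs[MAX_SLICES];
    if (n > MAX_SLICES || map_slices(base, base_len, s, n, ptrs))
        return -EINVAL;
    for (size_t i = 0; i < n; i++)
        out[i] = ptrs[i][0];              /* NULL dereference when len == 0 */
    return 0;
}

/* Hardened shape: validate every pointer before the first dereference,
 * so a rejected command leaves the output untouched. */
int handle_cmd_checked(uint8_t *base, size_t base_len,
                       const struct slice *s, size_t n, uint8_t *out)
{
    uint8_t *ptrs[MAX_SLICES];
    if (n > MAX_SLICES || map_slices(base, base_len, s, n, ptrs))
        return -EINVAL;
    for (size_t i = 0; i < n; i++)
        if (ptrs[i] == NULL)
            return -EINVAL;               /* reject instead of dereferencing */
    for (size_t i = 0; i < n; i++)
        out[i] = ptrs[i][0];
    return 0;
}
```

The point for code review is that a helper's success return and the validity of each pointer it produced are separate conditions, and both need checking at the call site.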

Potential Impact

For European organizations, this vulnerability poses a risk primarily to mobile devices running vulnerable Android kernel versions. Enterprises with Bring Your Own Device (BYOD) policies or those deploying Android-based devices in their operations could face information disclosure risks if attackers exploit this flaw locally. The exposure of kernel memory could lead to leakage of sensitive data, including cryptographic keys or user information, undermining confidentiality. Although the vulnerability does not directly impact integrity or availability, the potential for local DoS could disrupt device functionality temporarily, affecting productivity. Organizations in sectors with high mobile device usage, such as finance, healthcare, and government, may be more impacted. Additionally, attackers could leverage this vulnerability as a stepping stone for privilege escalation or further attacks, increasing the overall threat landscape. Given the local attack vector and low privilege requirement, malicious insiders or compromised apps could exploit this vulnerability. The lack of known exploits reduces immediate risk but does not eliminate the need for vigilance and mitigation.

Mitigation Recommendations

To mitigate CVE-2025-27701, organizations should prioritize updating Android devices to kernel versions that include the fix once available from Google or device manufacturers. Until patches are released, organizations should enforce strict application vetting policies to prevent installation of untrusted or malicious apps that could exploit this vulnerability locally. Employing mobile device management (MDM) solutions to restrict app permissions and monitor device behavior can reduce exploitation risk. Additionally, disabling or limiting access to vulnerable kernel interfaces where feasible can reduce attack surface. Security teams should monitor for unusual local activity indicative of exploitation attempts. For high-security environments, consider isolating critical Android devices or restricting physical and local access to trusted users only. Regularly reviewing and applying security updates promptly is essential. Finally, educating users on the risks of installing untrusted apps and maintaining strong endpoint security hygiene will help mitigate exploitation likelihood.


Technical Details

Data Version: 5.1
Assigner Short Name: Google_Devices
Date Reserved: 2025-03-05T19:11:23.389Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6835e152182aa0cae218e508

Added to database: 5/27/2025, 3:59:14 PM

Last enriched: 7/6/2025, 2:25:42 AM

Last updated: 7/30/2025, 4:10:17 PM
