CVE-2025-36904: Elevation of privilege in Google Android
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
AI Analysis
Technical Summary
CVE-2025-36904 is a critical elevation of privilege vulnerability affecting the WLAN component of the Android kernel on Google Pixel devices running Android versions prior to the security update released on 2025-09-05. The vulnerability allows an attacker to escalate privileges without requiring any user interaction or prior authentication, exploiting a flaw in the handling of WLAN operations within the kernel. Specifically, the weakness relates to improper access control (CWE-269), enabling an attacker to gain higher privileges than intended, potentially achieving full system compromise. The CVSS v3.1 base score of 9.8 reflects the severity, with metrics indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability's nature and severity make it a prime target for exploitation once proof-of-concept code becomes available. The lack of a patch link suggests the update was either newly released or pending at the time of reporting, emphasizing the urgency for affected users to apply the latest security updates promptly. This vulnerability is particularly dangerous because it compromises the kernel, the core of the operating system, potentially allowing attackers to bypass all security mechanisms, install persistent malware, or exfiltrate sensitive data.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially those relying on Google Pixel devices for corporate communications, mobile workforce, or sensitive data access. Exploitation could lead to unauthorized access to corporate networks, data breaches, and disruption of business operations. Given the kernel-level compromise, attackers could deploy rootkits or other persistent threats that evade detection by conventional security tools. The impact extends to confidentiality, integrity, and availability of data and services accessed or stored on affected devices. Organizations in sectors such as finance, government, healthcare, and critical infrastructure are particularly vulnerable due to the sensitive nature of their data and the potential for targeted attacks. Additionally, the vulnerability could be leveraged as a foothold for lateral movement within enterprise networks, increasing the overall risk posture. The absence of required user interaction or privileges lowers the barrier for exploitation, making it feasible for remote attackers to compromise devices silently.
Mitigation Recommendations
European organizations should immediately verify the deployment of Google Pixel devices within their environment and ensure all devices are updated to the latest Android security patch released on or after 2025-09-05. Network administrators should implement strict network segmentation and monitor WLAN traffic for anomalous behavior indicative of exploitation attempts. Employ endpoint detection and response (EDR) solutions capable of detecting kernel-level anomalies and privilege escalation attempts. Restrict the use of Google Pixel devices for accessing highly sensitive systems until patches are confirmed applied. Additionally, enforce policies to limit WLAN connectivity to trusted networks only and consider disabling WLAN interfaces on devices where wireless connectivity is not essential. Regularly audit device compliance and educate users on the importance of timely updates. For organizations with mobile device management (MDM) solutions, enforce mandatory update policies and monitor patch deployment status. Finally, maintain up-to-date incident response plans to quickly address potential compromises stemming from this vulnerability.
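The first recommendation above, verifying that every Pixel in the estate carries a security patch level of 2025-09-05 or later, is easy to get subtly wrong when inventory data is missing or malformed. The script below is an added example (not the advisory's, Google's, or any MDM vendor's code) that classifies an inventory export against the fix date. It assumes the patch level is the `YYYY-MM-DD` string reported by the `ro.build.version.security_patch` system property (readable with `adb shell getprop ro.build.version.security_patch`), and the inventory records and their field names are constructed for illustration; an empty or unparsable value is reported as unknown rather than silently counted as patched.

```python
from datetime import date

# Fix date taken from the advisory: Pixel builds with a security patch level of
# 2025-09-05 or later contain the fix.
FIXED_PATCH_LEVEL = date(2025, 9, 5)


def parse_patch_level(value):
    """Parse an Android security patch level (YYYY-MM-DD, the format of the
    ro.build.version.security_patch property). Returns None for a missing or
    malformed value so the caller can treat it as unknown, never as patched."""
    if not isinstance(value, str):
        return None
    parts = value.strip().split("-")
    if len(parts) != 3:
        return None
    try:
        return date(int(parts[0]), int(parts[1]), int(parts[2]))
    except ValueError:  # non-numeric fields or an impossible calendar date
        return None


def classify_device(device, fixed=FIXED_PATCH_LEVEL):
    """Return 'patched', 'vulnerable', 'unknown' or 'not_in_scope' for one
    inventory record (assumed fields: 'model' and 'security_patch')."""
    if not str(device.get("model", "")).startswith("Pixel"):
        return "not_in_scope"  # advisory covers Google Pixel devices only
    level = parse_patch_level(device.get("security_patch"))
    if level is None:
        return "unknown"
    return "patched" if level >= fixed else "vulnerable"


def triage(inventory, fixed=FIXED_PATCH_LEVEL):
    """Bucket device ids by their status so the 'vulnerable' and 'unknown'
    lists can be handed to the MDM team for follow-up."""
    buckets = {"patched": [], "vulnerable": [], "unknown": [], "not_in_scope": []}
    for dev in inventory:
        buckets[classify_device(dev, fixed)].append(dev["id"])
    return buckets


# Constructed sample inventory in the shape an MDM export might take.
SAMPLE_INVENTORY = [
    {"id": "dev-001", "model": "Pixel 8", "security_patch": "2025-09-05"},
    {"id": "dev-002", "model": "Pixel 7a", "security_patch": "2025-08-05"},
    {"id": "dev-003", "model": "Pixel 9 Pro", "security_patch": "2025-10-05"},
    {"id": "dev-004", "model": "Pixel 6", "security_patch": ""},
    {"id": "dev-005", "model": "Galaxy S24", "security_patch": "2025-08-01"},
]

if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:13s} {ids}")
```

Feeding the script with a real export is a matter of replacing `SAMPLE_INVENTORY` with the parsed MDM data; the `unknown` bucket is the one to chase first, since devices that do not report a patch level cannot be assumed compliant.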
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Google_Devices
- Date Reserved: 2025-04-16T00:33:17.233Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68b986c1a992e2db914fa0be
Added to database: 9/4/2025, 12:32:01 PM
Last enriched: 9/11/2025, 8:25:25 PM
Last updated: 10/19/2025, 9:18:50 PM