CVE-2025-36904 is a critical security vulnerability discovered in the WLAN component of the Android kernel specifically affecting Google Pixel devices running Android versions prior to the patch date of September 5, 2025. The vulnerability is classified as an elevation of privilege (EoP) issue, identified under CWE-269, which relates to improper privilege management. It allows an attacker with network access to the device's WLAN interface to escalate privileges without requiring authentication or user interaction. The attack vector is network-based (AV:N), with low attack complexity (AC:L), and no privileges or user interaction needed (PR:N/UI:N). The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H) of the affected devices, as the attacker could gain kernel-level privileges, potentially leading to full device compromise. Although no public exploits have been reported yet, the severity and ease of exploitation make it a critical threat. The vulnerability affects the Android kernel's WLAN driver or related components, which handle wireless network communication, indicating a flaw in access control or input validation that can be leveraged to bypass security boundaries. The lack of patch links suggests that fixes may be pending or recently released, emphasizing the need for timely updates. This vulnerability is particularly concerning for environments where Google Pixel devices are used for sensitive communications or operations, as attackers could leverage this flaw to gain unauthorized control over the device.

The impact of CVE-2025-36904 is severe due to its ability to grant attackers elevated privileges on affected Google Pixel devices without requiring authentication or user interaction. Successful exploitation could allow attackers to execute arbitrary code at the kernel level, leading to full device compromise. This includes unauthorized access to sensitive data, installation of persistent malware, disruption of device functionality, and potential lateral movement within enterprise networks. Organizations using Google Pixel devices for corporate communications, mobile workforce, or sensitive applications face significant risks of data breaches, espionage, and operational disruption. The vulnerability's network-based attack vector increases the risk of remote exploitation, especially in environments with untrusted or public WLAN access. The absence of known exploits in the wild currently provides a window for mitigation, but the critical severity score indicates that threat actors may develop exploits rapidly. Failure to address this vulnerability could result in widespread compromise of devices, undermining user trust and organizational security posture.

To mitigate CVE-2025-36904, organizations and users should prioritize applying official security patches from Google immediately upon release. Until patches are available, restricting WLAN access to trusted networks and disabling WLAN interfaces when not in use can reduce exposure. Network segmentation and monitoring for unusual WLAN activity can help detect potential exploitation attempts. Employing endpoint detection and response (EDR) solutions that monitor kernel-level behavior may provide early warning of exploitation. Additionally, enforcing strict device management policies, including limiting installation of untrusted applications and using mobile device management (MDM) solutions to enforce security configurations, will reduce risk. Security teams should also educate users about the risks of connecting to untrusted wireless networks. Finally, maintaining up-to-date inventories of affected devices and ensuring rapid deployment of updates across all Google Pixel devices in the environment is critical to minimizing the attack surface.