
CVE-2025-36938: Elevation of privilege in Google Android

Medium
Tags: Vulnerability, CVE-2025-36938, cve, cve-2025-36938
Published: Thu Dec 11 2025 (12/11/2025, 19:35:51 UTC)
Source: CVE Database V5
Vendor/Project: Google
Product: Android

Description

In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI-Powered Analysis

Last updated: 12/11/2025, 20:09:49 UTC

Technical Analysis

CVE-2025-36938 is a privilege escalation vulnerability found in the U-Boot bootloader used within the Android kernel. The flaw exists in the append_uint32_le() function, where a logic error allows fault injection attacks. Fault injection is a physical attack technique that manipulates hardware or power conditions to induce errors in software execution. This vulnerability enables an attacker with physical access to the device to escalate privileges without needing any prior execution privileges or user interaction, indicating a high-risk scenario for devices exposed to physical tampering. The vulnerability affects the Android kernel's bootloader stage, which is critical for device startup and security enforcement. Exploiting this flaw could allow attackers to bypass security controls, potentially leading to persistent compromise or unauthorized control over the device. No CVSS score has been assigned yet, and no patches or known exploits are currently documented. The vulnerability was reserved in April 2025 and published in December 2025, indicating recent discovery. The lack of required user interaction and no need for prior code execution privileges make this vulnerability particularly dangerous in environments where physical device security is weak.

Potential Impact

For European organizations, the impact of CVE-2025-36938 could be significant, especially in sectors relying heavily on Android devices for sensitive communications, authentication, or operational control. Physical access to devices could allow attackers to escalate privileges at the bootloader level, potentially leading to full device compromise, data theft, or persistent malware installation that survives OS reinstallation. This could undermine confidentiality, integrity, and availability of organizational data and services. Critical infrastructure, government agencies, and enterprises with mobile device fleets are at higher risk. The vulnerability could also affect supply chain security if devices are tampered with before deployment. The absence of user interaction requirement increases the risk in environments where devices are shared or left unattended. However, the need for physical access limits remote exploitation, somewhat reducing the attack surface but emphasizing the importance of physical security controls.

Mitigation Recommendations

Mitigation should focus on multiple layers:

1) Implement strict physical security controls to prevent unauthorized access to devices, including secure storage and tamper-evident seals.
2) Monitor for firmware and bootloader updates from device manufacturers and Google, and apply patches promptly once released.
3) Employ device encryption and secure boot features to limit the impact of bootloader compromise.
4) Use hardware security modules or trusted platform modules (TPMs) where available to protect boot integrity.
5) Conduct regular audits and integrity checks of device firmware to detect unauthorized modifications.
6) For high-security environments, consider disabling bootloader unlocking or restricting it via device management policies.
7) Educate users and administrators about the risks of physical device access and enforce policies to minimize exposure.

These steps go beyond generic advice by focusing on physical security and bootloader integrity specific to this vulnerability.


Technical Details

Data Version: 5.2
Assigner Short Name: Google_Devices
Date Reserved: 2025-04-16T00:33:54.106Z
Cvss Version: null
State: PUBLISHED

Threat ID: 693b21667d4c6f31f7c3537b

Added to database: 12/11/2025, 7:54:14 PM

Last enriched: 12/11/2025, 8:09:49 PM

Last updated: 12/12/2025, 3:03:36 AM
