CVE-2025-26442

Published: Sep 4, 2025Modified: Sep 29, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (3)

Products: Google: Android

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 13.0
Google Android	Version 14.0
Google Android	Version 15.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://android.googlesource.com/platform/packages/apps/Settings/+/63f8849244d1817be2729f522a75424c219e9ecb

Source: security@android.com

PatchProduct

https://source.android.com/security/bulletin/2025-05-01

Source: security@android.com

Vendor Advisory

Timeline

No history available yet.