CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2025-26417
https://notcve.org/view.php?id=CVE-2025-26417
26 Aug 2025 — In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/uthrasri/CVE-2025-26417 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0093
https://notcve.org/view.php?id=CVE-2025-0093
26 Aug 2025 — In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/090ca53cc13c12e3763777a6a3c7367641e9808f • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0092
https://notcve.org/view.php?id=CVE-2025-0092
26 Aug 2025 — In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/090ca53cc13c12e3763777a6a3c7367641e9808f • CWE-345: Insufficient Verification of Data Authenticity CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0086
https://notcve.org/view.php?id=CVE-2025-0086
26 Aug 2025 — In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/c1aa9e662464b8fa49765d53a82efa8e06bb176a • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0084
https://notcve.org/view.php?id=CVE-2025-0084
26 Aug 2025 — In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/94c565214e3496fbaade9efed8be41d6425ba21e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0083
https://notcve.org/view.php?id=CVE-2025-0083
26 Aug 2025 — In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/services/Telecomm/+/685c2fc2f6b40bb2113db77da270c7b7220791c4 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0082
https://notcve.org/view.php?id=CVE-2025-0082
26 Aug 2025 — In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/services/Telecomm/+/685c2fc2f6b40bb2113db77da270c7b7220791c4 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0081
https://notcve.org/view.php?id=CVE-2025-0081
26 Aug 2025 — In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/external/dng_sdk/+/7fc02c8d5af37c97b325dc2956f4a6117c145c2f • CWE-457: Use of Uninitialized Variable •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0079
https://notcve.org/view.php?id=CVE-2025-0079
26 Aug 2025 — In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b1e6d8d1e393d246a0738c92747a0bef98e67a30 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-0078
https://notcve.org/view.php?id=CVE-2025-0078
26 Aug 2025 — In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/native/+/c32d4defe0f4e5cad86437d6672de7a76caf1a79 • CWE-250: Execution with Unnecessary Privileges •