CVE-2025-0077
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1223 | A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-0077 is a vulnerability in the Android platform's user switching mechanism caused by a race condition in UserController.java. During system boot in Highly Secure User Mode (HSUM) builds, the system user and main user start simultaneously, causing conflicting notifications between UserSwitchObservers. This race condition can lead to a lock screen bypass, allowing local escalation of privilege without needing additional execution privileges or user interaction. [1, 4]
How can this vulnerability impact me?
This vulnerability can allow an attacker with local access to bypass the lock screen due to the race condition in user switching. This means unauthorized users could gain elevated privileges on the device without needing extra permissions or user interaction, potentially compromising device security and access to sensitive data. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is related to a race condition in the Android UserController component during system boot and user switching, specifically in HSUM builds. Detection would involve monitoring for system crashes during boot or for unexpected behavior in user switching, such as the lock screen failing to appear when switching users. Since this is a local privilege escalation vulnerability with no network component, network-based detection is not applicable. The resources provide no specific commands for detecting this vulnerability directly; however, monitoring system logs for crashes related to UserController or for keyguard failures during user switches could help identify exploitation attempts. [1, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the official patches that fix the race condition in UserController.java as described in the resources. The fixes involve making user switch observer calls synchronous, moving critical calls to the appropriate handler thread to serialize execution, and ensuring the keyguard is shown at the correct time during user switches. Updating the Android platform/frameworks/base component to include these fixes will prevent the lock screen bypass and local privilege escalation. Additionally, ensure that your system is running HSUM builds with these patches applied. There are no specific configuration changes or workarounds mentioned as immediate mitigations other than applying the fixes. [1, 2, 4]